CVERadar

CVE-2024-34361

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.12099/1

CVE-2024-34361 is a vulnerability in Pi-hole, a DNS sinkhole software, allowing authenticated users to make internal server requests, potentially leading to remote command execution. This vulnerability affects versions prior to 5.18.3 and has a patch available in version 5.18.3. While the CVSS score is 0, indicating a low base score, the presence of active exploits makes this vulnerability more critical. The SOCRadar Vulnerability Risk Score (SVRS) of 30 reflects a moderate risk. Even with a moderate SVRS, the 'Exploit Available' and 'In The Wild' tags are critical, indicating real-world exploitation and immediate risk to systems running vulnerable Pi-hole versions. Due to the potential for remote command execution, organizations using Pi-hole should prioritize updating to version 5.18.3 to mitigate this security risk.

TAGS

In The Wild

Exploit Avaliable

VECTOR STRING

PUBLICATION DATE2024-07-05

LAST MODIFIED2024-07-08

SOCRadar

AI Insight

Description:

CVE-2024-34361 is a vulnerability in Pi-hole, a DNS sinkhole that protects devices from unwanted content. The vulnerability allows an authenticated user to make internal requests to the server, potentially leading to remote command execution. The SVRS for this CVE is 34, indicating a moderate level of risk.

Key Insights:

Authenticated users can exploit the vulnerability: This means that attackers who have gained access to a user's credentials can exploit the vulnerability.
Remote command execution is possible: This is a serious vulnerability that could allow attackers to take control of the affected system.
Active exploits have been published: This means that attackers are actively exploiting the vulnerability in the wild.

Mitigation Strategies:

Update Pi-hole to version 5.18.3 or later: This version contains a patch for the vulnerability.
Restrict access to the Pi-hole server: Only allow authorized users to access the server.
Monitor the Pi-hole server for suspicious activity: This will help you to detect and respond to any attacks that may be exploiting the vulnerability.

Additional Information:

The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
Users with additional queries regarding this incident can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title	Software Link	Date
T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE	https://github.com/T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE	2024-07-07

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-34361 | pi-hole up to 5.18.2 gravity_DownloadBlocklistFromUrl server-side request forgery (GHSA-jg6g-rrj6-xfg6)

vuldb.com2024-07-05

CVE-2024-34361 | pi-hole up to 5.18.2 gravity_DownloadBlocklistFromUrl server-side request forgery (GHSA-jg6g-rrj6-xfg6) | A vulnerability, which was classified as critical, has been found in pi-hole up to 5.18.2. Affected by this issue is the function gravity_DownloadBlocklistFromUrl. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-34361. The attack may be launched

cve-2024-34361

domains

urls

cves

Social Media

CRAC Learning - Tech

@cracbot

2024-07-08

CVE-2024-34361 (CVSS:8.5, HIGH) is Received. Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vul..https://t.co/BJt0pyL4MW #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

VulDB 🛡

@vuldb

2024-07-06

A severe vulnerability was disclosed for pi-hole (CVE-2024-34361) https://t.co/sfwr8Yo7uU

Vulmon Vulnerability Feed

@VulmonFeeds

2024-07-05

CVE-2024-34361 Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make in... https://t.co/uLrBSrtLcG

CVEFind.com

@CveFindCom

2024-07-05

[CVE-2024-34361: HIGH] Pi-hole DNS sinkhole software has a vulnerability before version 5.18.3 allowing authenticated users to make internal requests, possibly leading to remote command execution. Update to versi...#cybersecurity,#vulnerability https://t.co/9FSUGnFZxL https://t.co/0cKMxETniN

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://github.com/pi-hole/pi-hole/commit/2c497a9a3ea099079bbcd1eb21725b0ed54b529d
[email protected]	https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6
GITHUB	https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6

CWE Details

CWE ID	CWE Name	Description
CWE-918	Server-Side Request Forgery (SSRF)	The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence