CVERadar

CVE-2024-9264

Critical Severity
Grafana
SVRS
82/100

CVSSv3
8.8/10

EPSS
0.9232/1

CVE-2024-9264 is a command-injection and local-file-inclusion flaw in Grafana's experimental SQL Expressions feature. SQL Expressions pass user-supplied SQL to DuckDB, and Grafana did not sufficiently sanitize that input, so an attacker can make DuckDB read arbitrary files on the Grafana host and execute commands there. Any authenticated user with VIEWER permission or higher can reach the flaw; the one precondition is that a duckdb binary is installed and present on the Grafana process's $PATH (DuckDB is not shipped with Grafana by default, as the vendor advisory notes). Public proof-of-concept exploits exist and the entry is flagged as exploited in the wild; with a SOCRadar Vulnerability Risk Score (SVRS) of 82 it is rated critical. The 8.8 CVSS shown here is the NVD score; Grafana Labs' own advisory rates it 9.9 with scope changed, since the commands run on the host rather than inside Grafana. Organizations running the affected 11.x releases should upgrade to the patched builds named in the vendor advisory; until then, removing DuckDB from the Grafana host, or at least from the process's PATH, removes the exploitable condition.
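A precondition check a defender can run on a Grafana host, added here as an example (it is not code from the CVERadar page or from Grafana Labs). It assumes the affected range is Grafana 11.0.x, 11.1.x and 11.2.x below the +security-01 rebuilds 11.0.5, 11.1.6 and 11.2.2 named in the vendor advisory, that later patch levels in those lines are fixed, that the server process is named grafana, and that the host is Linux with /proc; GET /api/health is Grafana's real unauthenticated health endpoint and reports the running version. The script checks both preconditions named above: an affected version, and a duckdb binary reachable on the PATH of the Grafana process (not merely on the administrator's own PATH).

```shell
#!/bin/sh
# check_cve_2024_9264.sh: precondition check for CVE-2024-9264 on a Grafana host.
# Added example; not from the CVERadar page or from Grafana Labs.
# Assumptions (confirm against the vendor advisory):
#   - only Grafana 11.x carries the SQL Expressions feature;
#   - fixed builds are 11.0.5+security-01, 11.1.6+security-01, 11.2.2+security-01,
#     and later patch levels in each line are treated as fixed;
#   - the Grafana 11 server process is named "grafana";
#   - the host is Linux, so /proc/<pid>/environ exposes the process PATH.

# Extract the "version" field from a GET /api/health response body.
parse_health_version() {
  printf '%s' "$1" | sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 when the given Grafana version string is in the affected range.
grafana_version_vulnerable() {
  v=$1
  base=${v%%+*}                 # drop build metadata such as +security-01
  major=${base%%.*}
  rest=${base#*.}
  minor=${rest%%.*}
  if [ "$rest" = "$minor" ]; then patch=0; else patch=${rest#*.}; fi
  patch=${patch%%[!0-9]*}       # drop pre-release suffixes such as -pre
  [ -n "$patch" ] || patch=0
  [ "$major" = "11" ] || return 1
  case "$minor" in
    0) fixed=5 ;;
    1) fixed=6 ;;
    2) fixed=2 ;;
    *) return 1 ;;              # 11.3 and later GA releases include the fix
  esac
  [ "$patch" -lt "$fixed" ] && return 0
  if [ "$patch" -eq "$fixed" ]; then
    case "$v" in
      *+security-*) return 1 ;; # the rebuilt security release
      *) return 0 ;;            # same patch number without the security rebuild
    esac
  fi
  return 1
}

# Look for a duckdb binary on the PATH of the running Grafana process.
# Prints the path and returns 0 if found, 1 if not, 2 if no process was found.
grafana_duckdb_on_path() {
  pid=$(pgrep -x grafana 2>/dev/null | head -n 1)
  if [ -z "$pid" ]; then
    echo "no grafana process found" >&2
    return 2
  fi
  proc_path=$(tr '\0' '\n' 2>/dev/null < "/proc/$pid/environ" | sed -n 's/^PATH=//p')
  [ -n "$proc_path" ] || proc_path=$PATH   # fall back to our own PATH if /proc is unreadable
  old_ifs=$IFS
  IFS=:
  for dir in $proc_path; do
    if [ -x "$dir/duckdb" ]; then
      IFS=$old_ifs
      printf '%s\n' "$dir/duckdb"
      return 0
    fi
  done
  IFS=$old_ifs
  return 1
}

main() {
  url=${1:-http://localhost:3000}
  body=$(curl -fsS "$url/api/health") || { echo "cannot reach $url/api/health" >&2; exit 2; }
  version=$(parse_health_version "$body")
  echo "Grafana version: ${version:-unknown}"
  if grafana_version_vulnerable "$version"; then
    echo "version is in the affected range"
    if duck=$(grafana_duckdb_on_path); then
      echo "duckdb reachable by the Grafana process at $duck: EXPOSED, upgrade or remove the binary"
    else
      echo "no duckdb on the Grafana process PATH: not currently exploitable, but upgrade anyway"
    fi
  else
    echo "version is outside the affected range"
  fi
}

# Run the check only when executed as the script, not when sourced for its functions.
case "$0" in *check_cve_2024_9264*) main "$@" ;; esac
```

Run it on the Grafana host as root or as the grafana user, optionally passing the base URL (`sh check_cve_2024_9264.sh http://127.0.0.1:3000`). The version check alone is not a verdict: a vulnerable build with no duckdb on the process PATH is not exploitable today, but the binary can be dropped in later, so the upgrade is still the fix.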

Tags: In the Wild, Exploit Available
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: 2024-10-18
Last modified: 2025-03-14

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
nollium/CVE-2024-9264 | https://github.com/nollium/CVE-2024-9264 | 2024-10-19
zgimszhd61/CVE-2024-9264 | https://github.com/zgimszhd61/CVE-2024-9264 | 2024-10-20
z3k0sec/File-Read-CVE-2024-9264 | https://github.com/z3k0sec/File-Read-CVE-2024-9264 | 2024-10-20
z3k0sec/CVE-2024-9264-RCE-Exploit | https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit | 2024-10-21

News

ISC StormCast for Monday, October 21st, 2024
Dr. Johannes B. Ullrich, 2024-10-21, sans.edu
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lost MSFT 365 Logs; Broken Cloud Storage; ESET Branded Malware; Synology, Spring and Grafana Updates. Microsoft 365: Partially incomplete log data due to monitoring agent issue https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/ End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem https://brokencloudstorage.info/paper.pdf ESET Branded Malware […]

1.827
2025-03-13, fortiguard.com
Newly Added (3): Multiple Vulnerabilities fixed in Ivanti Endpoint Manager 2022 SU6; Security Vulnerabilities fixed in Adobe Acrobat APSB25-14; Security Vulnerabilities fixed in Adobe Acrobat Reader APSB25-14. Modified (43) […]

FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
Ferdi Gül, 2024-12-03, normshield.com
Welcome to this week’s edition of Focus Friday, where we explore high-profile cybersecurity incidents and vulnerabilities through the lens of Third-Party Risk Management (TPRM). In today’s rapidly evolving threat landscape, critical vulnerabilities pose a significant risk to organizations relying on third-party software and services. This week, we dive into several crucial […]

FOCUS FRIDAY: TPRM INSIGHTS ON LITESPEED CACHE, RICOH WEB IMAGE MONITOR, SQUID PROXY, AND XLIGHT FTP VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™
Ferdi Gül, 2024-12-03, normshield.com
Welcome to this week’s edition of FOCUS FRIDAY, where we delve into high-profile cybersecurity incidents from a Third-Party Risk Management (TPRM) perspective. In this installment, we examine critical vulnerabilities affecting widely-used products such as LiteSpeed Cache, RICOH Web Image Monitor, Squid Proxy, and Xlight FTP. By leveraging Black Kite’s proprietary FocusTags™, […]

Focus Friday: Third-Party Risk Insights Into Atlassian Jira, Ivanti Connect Secure, and Nostromo nhttpd Vulnerabilities With Black Kite’s FocusTags™
Ferdi Gül, 2024-12-03, normshield.com
Welcome to this week’s Focus Friday, where we delve into high-profile vulnerabilities impacting third-party software and explore their implications for Third-Party Risk Management (TPRM). This edition examines two notable vulnerabilities: the path traversal vulnerabilities in Atlassian Jira, Ivanti Connect Secure, and Nostromo nhttpd. With each vulnerability carrying the potential for severe […]

Focus Friday: TPRM Insights On PAN-OS, PostgreSQL, and Apache Airflow Vulnerabilities
Ferdi Gül, 2024-12-03, normshield.com
This week’s Focus Friday blog delves into critical vulnerabilities affecting widely used systems: PAN-OS, Apache Airflow, and PostgreSQL. These vulnerabilities, ranging from authentication bypass and privilege escalation to sensitive data exposure and arbitrary code execution, highlight the evolving threat landscape faced by organizations worldwide. From a Third-Party Risk Management (TPRM) perspective, […]

New Flaws in Fortinet, SonicWall, and Grafana Pose Significant Threats
Viplav Kushwah, 2024-11-06, blogger.com
Cyble Research and Intelligence Labs (CRIL) has discovered new IT vulnerabilities that affect Fortinet, SonicWall, Grafana Labs, and CyberPanel, among

Social Media

Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated Critical Flaw https://t.co/0JsbakKIoD

CVE-2024-9264 - Remote Code Execution in Grafana via SQL Expressions and improperly sanitized DuckDB SQL queries. PoC: https://t.co/bXo1sRSSU0 Blog: https://t.co/b0jUKBHwpZ https://t.co/btzuDj3yTV

I'm talking about this imposter one last time since I got DMs asking whether RCE was possible. No, their new Grafana "RCE" exploit for CVE-2024-9264 doesn't work. They just copy-pasted @ElleuchX1's comment into ChatGPT again without testing (https://t.co/NmxywrIJjB) https://t.co/TMqg2uZfUQ

**Disclaimer** I'm not relentlessly targeting a random person for no reason; they rewrote my CVE-2024-9264 exploit with ChatGPT and passed it off as their own work. They responded dismissively when I commented on their post to point out that it was plagiarism.

Critical RCE Vulnerability in Grafana (CVE-2024-9264): Update Immediately! https://t.co/3R8d0gNJND https://t.co/zKLEDqQScL

Critical severity fix for CVE-2024-9264 | Grafana Labs https://t.co/u7MPU0ZVfV

"The DuckDB binary is not packaged with Grafana by default, so to be exploitable, the system must have DuckDB installed and included in Grafana’s PATH." Grafana security release: Critical severity fix for CVE-2024-9264 | Grafana Labs https://t.co/ydJGAEBQom IOCs: https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/

Affected Software

Configuration 1
Type: App | Vendor: Grafana | Product: grafana

References

Grafana Labs security advisory (CNA): https://grafana.com/security/security-advisories/cve-2024-9264/
NetApp advisory NTAP-20250314-0007: https://security.netapp.com/advisory/ntap-20250314-0007/

CWE Details

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-94: Improper Control of Generation of Code ('Code Injection'). The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
