October 31, 2024 at 12:50PM
The LiteSpeed Cache plugin for WordPress fixed a high-severity privilege elevation flaw (CVE-2024-50550) enabling unauthenticated users to gain admin rights. The vulnerability stemmed from weak hash checks in the role simulation feature. A patch was released on October 17, 2024, but millions remain potentially exposed.
### Meeting Takeaways:
1. **Vulnerability Fixed**: The LiteSpeed Cache plugin has addressed a critical privilege elevation flaw, CVE-2024-50550, in its latest release (version 6.5.2).
2. **Vulnerability Details**:
– The flaw could allow unauthenticated users to gain admin rights.
– It is caused by a weak hash check in the ‘role simulation’ feature.
– The hash values were predictable due to poor randomness.
3. **Exploitation Requirements**:
– Specific settings are required for exploitation:
  – Run duration and intervals between 2,500 and 4,000 seconds.
  – Server load limit set to 0.
  – Role simulation set to administrator.
4. **Severity and Impact**:
– The flaw allows an attacker to simulate an admin role, leading to serious security issues like uploading malware and editing web pages.
– Approximately 4 million of the 6 million sites using the plugin remain vulnerable, despite 2 million upgrades post-patch.
5. **Recent Security Issues**:
– LiteSpeed Cache has faced multiple critical vulnerabilities this year, including:
  – CVE-2023-40000 (May 2024): Unauthenticated cross-site scripting flaw exploited for admin takeover.
  – CVE-2024-28000 (August 2024): Public warning followed by mass exploitation attempts.
  – CVE-2024-44000 (September 2024): Admin account takeover due to exposed logs.
6. **Timeline of Discovery and Fix**:
– Vulnerability reported on September 23, 2024.
– Proof of Concept (PoC) developed by October 10, 2024.
– Fix released on October 17, 2024, enhancing hash security.
### Action Items:
– Users of LiteSpeed Cache are encouraged to update to version 6.5.2 to mitigate risks.
– Continued monitoring of the plugin’s security for further vulnerabilities is advisable.
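
To act on the update item across many sites, the following added example (not code from the plugin or its vendor) reads the plugin header of each WordPress root and flags installs older than 6.5.2. It assumes the default plugin path `wp-content/plugins/litespeed-cache/litespeed-cache.php`; the function names and the sample header are constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (6, 5, 2)  # first fixed release, per the summary above
# Assumption: default plugin directory and main file under each WordPress root.
PLUGIN_MAIN = Path("wp-content/plugins/litespeed-cache/litespeed-cache.php")
# Matches a plugin header line such as " * Version: 6.5.1".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

# Constructed sample header, used only for the demo run at the bottom.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.5.1
 */
"""

def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(header_text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so "6.5" compares as (6, 5, 0).
    return parts + (0,) * (3 - len(parts))

def classify(header_text):
    """Label a plugin header as patched, vulnerable, or unknown."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"
    return "patched" if version >= FIXED else "vulnerable"

def audit(roots):
    """Map each WordPress root to its LiteSpeed Cache patch status."""
    results = {}
    for root in roots:
        main = Path(root) / PLUGIN_MAIN
        if not main.is_file():
            results[str(root)] = "not-installed"
            continue
        # WordPress itself reads only the first 8 KiB for header fields.
        with main.open("rb") as fh:
            head = fh.read(8192).decode("utf-8", "replace")
        results[str(root)] = classify(head)
    return results

if __name__ == "__main__":
    print(classify(SAMPLE_HEADER))
```

An "unknown" result means the header could not be parsed and the install should be checked by hand.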