CVE-2024-22476
published 2024-05-16CVE-2024-22476: Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation…
PriorityP181critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EXPLOIT
EPSS
33.36%
98.2th percentile
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Detection & IOCsextracted from sources · hover to see the quote
urlhttps://github.com/huggingface/transformers/blob/v4.21-release/examples/pytorch/text-classification/run_glue.py↗
command{"script_url": "https://github.com/huggingface/transformers/blob/v4.21-release/examples/pytorch/text-classification/run_glue.py","optimized": "False","arguments": ["--model_name_or_path bert-base-cased --task_name mrpc --do_eval --output_dir result"],"approach": "static","requirements": [],"workers": 1}↗
- →Detect exploitation attempts by monitoring POST requests to the /task/submit/ endpoint with a JSON body containing a 'script_url' field pointing to an external resource. ↗
- →A successful exploitation response will contain the strings 'status":"successfully' AND 'Task submitted successfully' in the JSON body with HTTP 200 and Content-Type application/json. ↗
- →The attack is unauthenticated (no credentials required) and targets the remote task submission API; flag any unauthenticated POST to /task/submit/ with an external script_url value. ↗
- →The vulnerability is classified as SQL Injection via improper input validation in the task submission endpoint; monitor for SQL metacharacters or unusual payloads in the 'script_url', 'arguments', or 'approach' JSON fields of POST /task/submit/ requests. ↗
- ·The Nuclei template targets Intel Neural Compressor instances exposed over the network; the exploit payload uses a remote GitHub script_url, meaning the vulnerable service must be able to reach external URLs for full exploitation. Internal/air-gapped deployments may behave differently. ↗
- ·The template is tagged 'intrusive' and 'vuln', meaning active probing will submit a real task to the target service; use only in authorized testing environments. ↗
- ·CVSS score is 10.0 (Critical) with network vector, no privileges required, and no user interaction; scope is changed with high impact on confidentiality, integrity, and availability. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Intel Neural Compressor <2.5.0 - SQL Injection
nuclei·CVSS 10.0
CVE-2024-22476 [CRITICAL] Intel Neural Compressor <2.5.0 - SQL Injection
Intel Neural Compressor <2.5.0 - SQL Injection
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Template:
id: CVE-2024-22476
info:
name: Intel Neural Compressor <2.5.0 - SQL Injection
author: ritikchaddha
severity: critical
description: |
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
impact: |
Unauthenticated attackers can escalate privileges or perform malicious actions through improper input validation in Intel Neural Compressor.
remediation: |
Update Intel Neural Compressor to version 2.5.0 or later.
re
No writeups or analysis indexed.
2024-05-16
Published