Critical AI Security Flaws Let Attackers Bypass Detection & Execute Remote Code
Artificial Intelligence (AI) has become one of the fastest-growing technologies of this decade, driving advances across multiple industries.
In several cases, threat actors have exploited AI systems to retrieve sensitive information that was later used in other attacks.
Such rapid growth calls for vigilance about vulnerabilities introduced during development or at run time.
A bug bounty program created to protect AI systems has detected several vulnerabilities using custom-developed and open-source tools.
Critical AI Security Flaws
According to the reports shared with Cyber Security News, more than 9 vulnerabilities were detected this month. The most severe were a validation bypass, an arbitrary file overwrite via a malicious source URL, and a local file inclusion.
The CVEs for these vulnerabilities were assigned as CVE-2024-0520 (10.0 – Critical), CVE-2023-6976 (8.8 – High), and CVE-2023-6977 (10.0 – Critical).
CVE-2024-0520: MLflow Arbitrary File Overwrite via Malicious Source URL
This vulnerability exists in MLflow, a tool for storing and tracking machine-learning models. An attacker can perform an arbitrary file overwrite because of the code used to pull down remote data storage: users can be manipulated into using a malicious remote data source, which in turn can lead to command execution in the user's context.
CVE-2023-6976: MLflow Validation Bypass Leading to Arbitrary File Overwrite
One of the MLflow functions that validates file path safety could be bypassed, allowing a remote threat actor to overwrite files on the MLflow server and achieve remote code execution. For example, the attacker could overwrite the SSH keys on the system or edit the .bashrc file so that arbitrary commands run the next time a user logs in.
CVE-2023-6977: MLflow Local File Inclusion
On certain operating systems, a hosted MLflow instance can be manipulated into disclosing sensitive file contents through a file path safety bypass. This can also lead to system takeover if SSH keys or cloud credentials are stored on the server where the MLflow process has read permission.
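All three issues above come down to the same question: does a file path derived from untrusted input (a remote source URL, a request parameter) stay inside the directory the server meant to serve? The following is an added illustration written for this article, not MLflow's own code or the fix the project shipped. `weak_is_safe` is a hypothetical stand-in for a string-inspecting validator of the kind the article describes as bypassable; `hardened_resolve` shows the canonicalize-then-compare approach that closes both the overwrite and the local-file-read variants; `destination_for_remote_source` applies it to a download destination derived from a remote URL. `BASE_DIR` and the function names are constructed for the example.

```python
"""Path-confinement check for artifact paths, contrasted with a weak string check.

Added example: this is NOT MLflow's code. `weak_is_safe` is a hypothetical
stand-in for the kind of file-path validation described as bypassable;
`hardened_resolve` is the canonicalize-then-compare check a defender wants.
"""
import os
import posixpath
from urllib.parse import unquote, urlparse

# Constructed artifact root for the example; not a real MLflow default.
BASE_DIR = "/srv/mlflow/artifacts"


def weak_is_safe(relative_path: str) -> bool:
    """Hypothetical weak check: looks only at how the string begins.

    It rejects '/etc/hostname' and '../x' but accepts 'models/../../x',
    which is why string inspection alone is not a safety boundary.
    """
    return not (relative_path.startswith("/") or relative_path.startswith("../"))


def hardened_resolve(base_dir: str, relative_path: str) -> str:
    """Return the canonical absolute path for relative_path inside base_dir,
    or raise ValueError if the result would fall outside it.

    realpath() collapses '..' segments and follows existing symlinks, so the
    containment test is made on the path the OS would actually open.
    """
    if not relative_path or posixpath.isabs(relative_path):
        raise ValueError("empty or absolute path rejected")
    if "\x00" in relative_path:
        raise ValueError("NUL byte in path rejected")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative_path))
    # commonpath() is the robust containment test; a plain startswith()
    # would wrongly accept '/srv/mlflow/artifacts-old/...'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {relative_path!r}")
    return candidate


def is_confined(base_dir: str, relative_path: str) -> bool:
    """Boolean wrapper around hardened_resolve for tests and audits."""
    try:
        hardened_resolve(base_dir, relative_path)
        return True
    except ValueError:
        return False


def destination_for_remote_source(base_dir: str, source_url: str) -> str:
    """Pick a local destination for data pulled from a remote source URL.

    Only the final path component of the URL is used as the file name, and the
    result is still routed through hardened_resolve, so whoever controls the
    URL cannot choose where on disk the download lands.
    """
    path = unquote(urlparse(source_url).path)
    name = posixpath.basename(posixpath.normpath(path))
    if name in ("", ".", ".."):
        raise ValueError("source URL does not name a file")
    return hardened_resolve(base_dir, name)


def audit(base_dir: str, candidates: list[str]) -> list[tuple[str, bool, bool]]:
    """Compare both checks over candidate relative paths.

    Returns (path, weak_verdict, hardened_verdict) so disagreements between
    the two validators are visible when writing regression tests.
    """
    return [(p, weak_is_safe(p), is_confined(base_dir, p)) for p in candidates]


if __name__ == "__main__":
    # Constructed test vectors: one legitimate artifact path and two traversal
    # attempts that differ only in where the '..' segment appears.
    samples = ["models/model.pkl", "../outside.txt", "models/../../outside.txt"]
    for path, weak, hard in audit(BASE_DIR, samples):
        print(f"{path:32} weak={weak!s:5} hardened={hard}")
```

The point of `audit` is that the two validators agree on the obvious inputs and disagree only on the traversal that starts with an innocent-looking directory; that disagreement is exactly the regression test a maintainer should keep after fixing a path-safety function, alongside a check that file reads (the local-file-inclusion case) go through the same confinement as writes.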
A complete report has been published with detailed information about these vulnerabilities, their potential exploitation, and their impact.