Apache has released a patch for a critical remote privilege escalation vulnerability in Apache CouchDB 3.2.1. If left unpatched, this vulnerability can allow threat actors to execute code on a targeted server or client without being authenticated. Barracuda MSP recommends applying the latest patch to affected Apache products as soon as possible.
Technical Detail & Additional Information
What is the threat?
A remote privilege escalation vulnerability exists in Apache CouchDB 3.2.1 and below. An attacker can reach an improperly secured default installation without authentication and gain admin privileges. The flaw stems from CouchDB opening a random network port bound to all available interfaces; a utility process called epmd (the Erlang Port Mapper Daemon) then advertises that random port to the network. epmd itself listens on a fixed port, and once an attacker connects, they have full admin access.
Why is it noteworthy?
This vulnerability exists in the current version, 3.2.1, of CouchDB, a common service used primarily to collect and store data and simplify record management across computing devices, mobile phones, and web browsers. Apache has had other remote code execution vulnerabilities in the past, including the vulnerability that led to Equifax’s data breach in 2017.
What is the exposure or risk?
If this vulnerability were exploited, it would allow malicious actors to execute arbitrary code as an admin user, giving them full control of the network and bypassing any security controls that are in place. This can lead to ransomware events or Business Email Compromise (BEC) incidents, causing temporary or permanent loss of sensitive or proprietary information, disruption of regular operations, financial losses, and potential harm to an organization’s reputation.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of a remote code execution attack:
- Update Apache CouchDB to version 3.2.2 or newer.
- Implement a firewall for CouchDB installations.
- Keep all applications updated to enforce security measures.
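The two exposures described above (a distribution port bound to all interfaces that epmd advertises, and a default installation that any network peer can reach as admin) can be checked on a CouchDB host before and after applying the recommendations. The following audit script is an added example, not code from Barracuda MSP or the CouchDB project. It assumes a stock Erlang vm.args layout and `ss -ltnp` style output; the vm.args files and socket listing it reads are constructed samples, the cookie value it flags is the one CouchDB packages historically shipped as the default, and the set of ports expected to be public is an assumption passed in as a parameter.

```python
"""Audit a CouchDB node for network-reachable epmd / Erlang distribution sockets
and a guessable distribution cookie. Added example; inputs below are constructed."""
import re
from dataclasses import dataclass

EPMD_PORT = 4369            # fixed port the Erlang Port Mapper Daemon listens on
DEFAULT_COOKIE = "monster"  # cookie value CouchDB packages historically shipped by default
LOOPBACK_TUPLES = {"{127,0,0,1}", "{0,0,0,0,0,0,0,1}"}   # Erlang-style loopback addresses
LOOPBACK_ADDRS = {"127.0.0.1", "[::1]", "::1"}           # ss-style loopback addresses


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    message: str


def parse_vm_args(text: str) -> dict:
    """Extract the distribution-related flags from a vm.args file."""
    cfg = {"name": None, "cookie": None, "use_interface": None,
           "listen_min": None, "listen_max": None}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] in ("-name", "-sname") and len(parts) > 1:
            cfg["name"] = parts[1]
        elif parts[0] == "-setcookie" and len(parts) > 1:
            cfg["cookie"] = parts[1]
        elif parts[0] == "-kernel" and len(parts) > 2:
            key, val = parts[1], "".join(parts[2:])   # "{127, 0, 0, 1}" -> "{127,0,0,1}"
            if key == "inet_dist_use_interface":
                cfg["use_interface"] = val
            elif key in ("inet_dist_listen_min", "inet_dist_listen_max"):
                cfg[key.replace("inet_dist_", "")] = int(val)
    return cfg


def audit_vm_args(cfg: dict) -> list:
    """Report vm.args settings that leave the distribution port open to any peer."""
    findings = []
    if cfg["cookie"] is None or cfg["cookie"] == DEFAULT_COOKIE:
        findings.append(Finding("high", "Erlang cookie is unset or the well-known default; "
                                        "any peer reaching the distribution port gets admin"))
    if cfg["use_interface"] not in LOOPBACK_TUPLES:
        findings.append(Finding("high", "distribution port binds to all interfaces "
                                        "(set -kernel inet_dist_use_interface {127,0,0,1})"))
    if cfg["listen_min"] is None or cfg["listen_max"] is None:
        findings.append(Finding("medium", "distribution port is random; pin it with "
                                          "inet_dist_listen_min/max so it can be firewalled"))
    return findings


_SS_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+(?:\s+(?P<proc>.*))?$")


def audit_listeners(ss_output: str, service_ports=(5984,)) -> list:
    """Flag epmd or beam distribution sockets bound to non-loopback addresses.

    service_ports: ports expected to be public (assumption: the CouchDB HTTP API)."""
    findings = []
    for line in ss_output.splitlines():
        m = _SS_LINE.match(line.strip())
        if not m:
            continue                                   # header or non-LISTEN line
        addr, _, port = m.group("local").rpartition(":")
        port = int(port)
        proc_m = re.search(r'\(\("([^"]+)"', m.group("proc") or "")
        proc = proc_m.group(1) if proc_m else ""
        if addr in LOOPBACK_ADDRS:
            continue
        if port == EPMD_PORT:
            findings.append(Finding("high", f"epmd listening on {addr}:{port}; "
                                            "it advertises node ports to the network"))
        elif proc.startswith("beam") and port not in service_ports:
            findings.append(Finding("high", f"Erlang distribution port {port} exposed on {addr} by {proc}"))
    return findings


# Constructed sample inputs (not captured from a real host).
WEAK_VM_ARGS = """\
-name couchdb@127.0.0.1
-setcookie monster
-kernel error_logger silent
+K true
"""

HARDENED_VM_ARGS = """\
-name couchdb@127.0.0.1
-setcookie REPLACE_WITH_RANDOM_SECRET   # placeholder: generate a long random value
-kernel inet_dist_use_interface {127,0,0,1}
-kernel inet_dist_listen_min 9100
-kernel inet_dist_listen_max 9105
"""

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:4369       0.0.0.0:*         users:(("epmd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:5984       0.0.0.0:*         users:(("beam.smp",pid=901,fd=19))
LISTEN 0      128    0.0.0.0:37823      0.0.0.0:*         users:(("beam.smp",pid=901,fd=21))
LISTEN 0      128    127.0.0.1:9100     0.0.0.0:*         users:(("beam.smp",pid=901,fd=22))
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_VM_ARGS), ("hardened", HARDENED_VM_ARGS)):
        print(label, audit_vm_args(parse_vm_args(text)))
    print("listeners", audit_listeners(SAMPLE_SS))
```

On a live host, feed `audit_listeners` the output of `ss -ltnp` and `parse_vm_args` the contents of the node's vm.args; a clean run after updating to 3.2.2 and restricting the interfaces should return no findings, while a firewall rule set should at minimum block the fixed epmd port and the pinned distribution range from untrusted networks.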
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.