A new critical security vulnerability dubbed “CosmicSting” (CVE-2024-34102) has been recently discovered. The new security flow might jeopardizing millions of online web stores that are running on Adobe Commerce and Magento platforms.
The new vulnerability, which has been assigned a critical CVSS score of 9.8, will allow attackers to gain unauthorized access to sensitive files, including those containing passwords, and can be escalated to remote code execution when combined with a recent Linux bug (CVE-2024-2961).
Security researchers have described CosmicSting as “the worst bug to hit Magento and Adobe Commerce stores in two years.” The vulnerability’s high potential for exploitation and severe impact make it a significant threat to the e-commerce ecosystem. With nearly three-quarters of affected sites yet to apply the crucial security patch, the risk of widespread attacks looms large.
CosmicSting’s Global E-Commerce Impact
Multiple cybersecurity search engines and databases have revealed large numbers of exposed Magento and Adobe Commerce stores instances across the internet.
Hunter.how identified over 54,200 services potentially at risk, while FOFA.info reported a similar figure of 54,000+ results. Netlas.io detected 126,461 Magento platforms.
ZoomEye’s dork search uncovered approximately 161,935 instances of Magento installations, with a significant presence in the United States and Germany, and other countries. and finally Shodan, the prominent security search engine, found 11,576 instances.
Limited Technical Details About CVE-2024-34102
At the time of writing, no publicly available proof-of-concept (POC) has been released for CVE-2024-34102, which means that technical details about this newly discovered security flaw are currently limited. We will continue to monitor the situation and provide updates as more information becomes available
Applying a fix for CVE-2024-34102
Adobe has acknowledged the vulnerability and released security patches to fix CVE-2024-34102. CosmicSting also provided an emergency fix that you can add to the top of app/bootstrap.php. It will block the majority of CosmicSting attacks.
if (strpos(file_get_contents('php://input'), 'dataIsURL') !== false) {
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
exit;
}If you are running Magento e-commerce platform, it is highly recommenced to follow the vendor’s instructions to keep your online store secure as possible.
