OTPulse

ThreatQuotient ThreatQ Platform

Action: Plan patch
CVSS: 8.8
Advisory: ICS-CERT ICSA-24-352-01
Published: Dec 17, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ThreatQ Platform contains a command injection vulnerability (CWE-77) that allows an authenticated attacker to execute arbitrary commands remotely with the privileges of the ThreatQ application. Exploitation requires valid user credentials but no special network position. All versions prior to 5.29.3 are affected.

What this means
What could happen
An attacker with valid user credentials could execute arbitrary code on the ThreatQ Platform, potentially compromising threat intelligence operations and enabling access to sensitive security data across your organization.
Who's at risk
Cybersecurity and threat intelligence teams managing ThreatQ Platform deployments for centralized threat intelligence gathering and analysis. This affects organizations that rely on ThreatQ for security operations and incident response coordination.
How it could be exploited
An attacker holding legitimate ThreatQ user credentials sends a specially crafted request over the network to the ThreatQ Platform. Because user-controlled input reaches a command handler without being properly neutralised, the attacker can inject commands that execute on the platform server with the application's privileges; administrative rights are not required.
Prerequisites
  • Valid ThreatQ user credentials (non-admin account sufficient)
  • Network access to the ThreatQ Platform application interface
  • ThreatQ Platform version below 5.29.3
Tags: Remotely exploitable · Requires valid user credentials · Low attack complexity · High impact (code execution) · High CVSS score (8.8)
Exploitability
Low exploit probability (EPSS 0.2%). EPSS estimates the likelihood of exploitation in the wild over the next 30 days and is recalculated daily, so treat this figure as a point-in-time prioritisation signal rather than a reason to defer the patch: a low-privileged account is the only barrier to code execution.
Affected products (1)
Product | Affected Versions | Fix Status
ThreatQ Platform | <5.29.3 | Fixed in 5.29.3
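Because the affected range is a plain version threshold, a scripted inventory check is the quickest way to find unpatched instances and the place where version handling usually goes wrong (string comparison ranks 5.29.10 below 5.29.3). The following Python is an added example for this page, not ThreatQuotient or OTPulse code; the host names, version strings and inventory format are constructed for illustration, and the only fact it takes from the advisory is the 5.29.3 fix version.

```python
"""Triage a ThreatQ Platform inventory against the ICSA-24-352-01 fix version.

Added example for this advisory page; not ThreatQuotient or OTPulse code.
The (host, version) inventory format and the sample hosts are constructed.
"""
import re
from typing import List, Optional, Tuple

# Fix version stated in the advisory: every release below this is affected.
FIXED_VERSION = "5.29.3"

# Accepts '5.29.3', 'v5.28', '5.29.3-hotfix1'; rejects free text like 'unknown'.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(?:[-+].*)?\s*$")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn a dotted version string into a comparable tuple of ints.

    Returns None when the string is not a dotted numeric version so that
    callers flag such hosts as unknown instead of silently treating them
    as patched. Short versions are padded: '5.29' compares as 5.29.0.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def is_affected(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if version < fixed, False if version >= fixed, None if unparseable.

    Integer tuple comparison avoids the string-compare trap in which
    '5.29.10' sorts before '5.29.3' even though it is the newer release.
    """
    v = parse_version(version)
    f = parse_version(fixed)
    if v is None or f is None:
        return None
    return v < f


def triage(inventory: List[Tuple[str, str]]) -> dict:
    """Split (host, version) pairs into affected / fixed / unknown buckets."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        state = is_affected(version)
        if state is None:
            result["unknown"].append(host)
        elif state:
            result["affected"].append(host)
        else:
            result["fixed"].append(host)
    return result


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("tq-prod-01", "5.29.3"),   # exactly the fix version: not affected
    ("tq-prod-02", "5.29.10"),  # newer; a string compare would misjudge it
    ("tq-dev-01", "5.28.1"),    # affected
    ("tq-lab-01", "v5.29"),     # short form, treated as 5.29.0: affected
    ("tq-lab-02", "unknown"),   # version could not be determined
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it whatever your CMDB or asset scanner exports as (host, version) pairs; hosts landing in the unknown bucket need a manual check rather than being assumed patched.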
Remediation & Mitigation
Do now
HARDENING: Restrict network access to ThreatQ Platform from business networks; place it behind a firewall and ensure it is not directly reachable from the internet.
WORKAROUND: If remote access to ThreatQ is required, enforce access through VPN only.
Schedule — requires maintenance window

Patching may require a reboot of the ThreatQ host; plan for the resulting service interruption.

HOTFIX: Update ThreatQ Platform to version 5.29.3 or later.
Long-term hardening
HARDENING: Implement network segmentation to isolate ThreatQ Platform from general corporate IT infrastructure.