ThreatQuotient ThreatQ Platform

Status: Plan Patch
CVSS: 8.8
ICS-CERT: ICSA-24-352-01
Date: Dec 17, 2024
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ThreatQ Platform versions prior to 5.29.3 contain a code injection vulnerability (CWE-77) that could allow an authenticated attacker to perform remote code execution. The vulnerability requires valid user credentials and network access to the platform.

What this means
What could happen
An attacker with login credentials could run arbitrary code on the ThreatQ Platform, potentially compromising threat intelligence data and using the platform as a pivot point to attack other systems on your network.
Who's at risk
Organizations using ThreatQ Platform for threat intelligence and situational awareness, including utilities, critical infrastructure operators, and security operations centers that rely on ThreatQ for threat data aggregation and analysis.
How it could be exploited
An attacker with valid credentials accesses the ThreatQ Platform over the network and exploits a code injection vulnerability (CWE-77) to execute arbitrary commands on the server. This could allow them to read or modify threat intelligence data, create backdoors, or move laterally to other systems.
Prerequisites
  • Valid ThreatQ Platform user credentials
  • Network access to the ThreatQ Platform web interface
  • User interaction not required once authenticated
  • Remotely exploitable
  • Requires valid credentials
  • High CVSS (8.8)
  • Could be used as pivot point to attack OT networks
  • Affects threat intelligence infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product | Affected Versions | Fix Status
ThreatQ Platform | <5.29.3 | Fixed in 5.29.3
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the ThreatQ Platform to authorized users only; do not expose it to the internet
HARDENING: If remote access to ThreatQ is required, enforce access through a VPN with current security patches applied
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade ThreatQ Platform to version 5.29.3 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate ThreatQ Platform from business networks and other critical systems
API: /api/v1/advisories/88457591-e636-4bc6-8724-275d146125bc


ThreatQuotient ThreatQ Platform | CVSS 8.8 - OTPulse