Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Aiohttp Vulnerability in Attacker Crosshairs

A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.

Hackers are apparently attempting to exploit a recently patched Aiohttp vulnerability that could impact thousands of servers worldwide, according to threat intelligence firm Cyble.

Aiohttp is an open source asynchronous HTTP client/server framework for Asyncio and Python. There are dozens of libraries built on top of Aiohttp and it powers the websites of several major companies. 

A Shodan search for ‘aiohttp’ shows more than 70,000 results worldwide, including many in the United States, China and Germany. Cyble’s own scanner has identified 43,000 internet-exposed instances, with significant percentages seen in the US and Europe.

Many of these systems could be impacted by CVE-2024-23334, a high-severity path traversal vulnerability patched in late January with the release of version 3.9.2. The flaw can be exploited by remote, unauthenticated attackers to access sensitive information from arbitrary files stored on the targeted server.

A proof-of-concept (PoC) exploit for CVE-2024-23334 was made public in late February and Cyble started seeing scanning activity shortly after. 

The cybersecurity firm noticed exploitation attempts coming from multiple IP addresses, including one previously linked to a cybercrime group named ShadowSyndicate

The threat actor has been active since at least July 2022, according to a recent report from Group-IB. ShadowSyndicate is believed to be a ransomware-as-a-service affiliate that has worked with several ransomware operations, including Royal, Cl0p, Play and Cactus. 

There does not appear to be conclusive evidence that the vulnerability has been successfully exploited to hack into organizations’ systems, but the fact that threat actors have set their sights on the flaw is concerning. 

Advertisement. Scroll to continue reading.

“The prevalence of servers running on unpatched versions of the Aiohttp framework poses a significant risk in cybersecurity. While attacks haven’t been observed utilizing this specific vulnerability at present, the scanning attempts by the ShadowSyndicate group underscore the looming threat,” Cyble said.

Related: 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation

Related: Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

Related: Apache ActiveMQ Vulnerability Exploited as Zero-Day

Related: CISA Warns of Roundcube Webmail Vulnerability Exploitation

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.