CVE-2024-5751 - OpenCVE

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Litellm	Litellm

Configuration 1 [-]

cpe:2.3:a:litellm:litellm:1.35.8:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce

History

Fri, 20 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Litellm Litellm litellm
CPEs		cpe:2.3:a:litellm:litellm:1.35.8:::::::*
Vendors & Products		Litellm Litellm litellm
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-27T18:40:49.896Z

Updated: 2024-08-01T21:18:07.126Z

Reserved: 2024-06-07T16:33:15.277Z

Link: CVE-2024-5751

Vulnrichment

Updated: 2024-08-01T21:18:07.126Z

NVD

Status : Analyzed

Published: 2024-06-27T19:15:16.160

Modified: 2024-09-20T18:01:44.533

Link: CVE-2024-5751

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5751", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-07T16:33:15.277Z", "datePublished": "2024-06-27T18:40:49.896Z", "dateUpdated": "2024-08-01T21:18:07.126Z"}, "containers": {"cna": {"title": "Remote Code Execution in BerriAI/litellm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:40:49.896Z"}, "descriptions": [{"lang": "en", "value": "BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model."}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code", "cweId": "CWE-94"}]}], "source": {"advisory": "ae623c2f-b64b-4245-9ed4-f13a0a5824ce", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "berriai", "product": "litellm", "cpes": ["cpe:2.3:a:berriai:litellm:1.35.8:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.35.8", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T20:20:04.683432Z", "id": "CVE-2024-5751", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:00:11.936Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:07.126Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:07.126Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5751", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-27T20:20:04.683432Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:berriai:litellm:1.35.8:*:*:*:*:*:*:*"], "vendor": "berriai", "product": "litellm", "versions": [{"status": "affected", "version": "1.35.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:00:08.911Z"}}], "cna": {"title": "Remote Code Execution in BerriAI/litellm", "source": {"advisory": "ae623c2f-b64b-4245-9ed4-f13a0a5824ce", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce"}], "descriptions": [{"lang": "en", "value": "BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-27T18:40:49.896Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5751", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:07.126Z", "dateReserved": "2024-06-07T16:33:15.277Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-27T18:40:49.896Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:litellm:litellm:1.35.8:*:*:*:*:*:*:*", "matchCriteriaId": "03D64FCA-7537-4CEF-BD5C-2EC7E1FA529C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model."}, {"lang": "es", "value": "BerriAI/litellm versi\u00f3n v1.35.8 contiene una vulnerabilidad donde un atacante puede lograr la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad existe en la funci\u00f3n `add_deployment`, que decodifica y descifra variables de entorno de base64 y las asigna a `os.environ`. Un atacante puede aprovechar esto enviando una carga maliciosa al endpoint `/config/update`, que luego es procesada y ejecutada por el servidor cuando se activa la funci\u00f3n `get_secret`. Esto requiere que el servidor utilice Google KMS y una base de datos para almacenar un modelo."}], "id": "CVE-2024-5751", "lastModified": "2024-09-20T18:01:44.533", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-27T19:15:16.160", "references": [{"source": "security@huntr.dev", "tags": ["Third Party Advisory"], "url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@huntr.dev", "type": "Primary"}]}