Cybercriminals Capitalize on MinIO Storage System Vulnerabilities to Breach Servers

Cybercriminals Capitalize on MinIO Storage System Vulnerabilities to Breach Servers

Product and Affected Versions:
MinIO high-performance object storage system
Severity and CVE ID
CVE-2023-28432 (CVSS score: 7.5)
CVE-2023-28434 (CVSS score: 8.8)
CVE-2023-28432 was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog on April 21, 2023
The vulnerabilities CVE-2023-28432 and CVE-2023-28434 pose a high risk, with the potential to expose sensitive information and facilitate remote code execution (RCE) on the host where the MinIO application is operational. These vulnerabilities are leveraged by threat actors to compromise MinIO instances.
How the Attack Works
1 . The attacker gains unauthorized access by exploiting CVE-2023-28432 and CVE-2023-28434, which provide them with admin credentials.

2. With these admin credentials, the attacker abuses their foothold to replace the MinIO client on the host with a trojanized version. They achieve this by triggering an update command that specifies a MIRROR_URL.

3. The MinIO documentation mentions the “mc admin update command,” which updates all MinIO servers in the deployment. This command supports using a private mirror server for environments without public internet access.

4. By replacing the authentic MinIO binary with a malicious version, the attacker successfully compromises the system. The modified binary exposes an endpoint that can receive and execute commands via HTTP requests, effectively acting as a backdoor.

5. The commands executed through this backdoor inherit the system permissions of the user who initiated the application.

6. Notably, the trojanized binary is similar to an exploit named “Evil MinIO,” which was published on GitHub in early April 2023. However, there is no evidence to suggest a direct connection between the two.
Patch and Update: Immediately apply the latest security patches and updates for the MinIO storage system. Ensure that your software is up-to-date with the latest security fixes.
Security Review: Conduct a thorough security review of your MinIO deployment to identify any potential compromises or unauthorized changes. This includes checking for any suspicious updates or binary replacements.
Change Credentials: Change all admin credentials and access keys associated with the MinIO system to prevent unauthorized access.
Network Segmentation: Implement network segmentation to isolate critical systems and services from potentially compromised ones, reducing the attack surface.
Monitoring and Detection: Implement robust monitoring and intrusion detection systems to detect and respond to any suspicious activities on your MinIO servers.
Access Control: Review and restrict access permissions for MinIO to authorized users only, and employ strong access controls to prevent unauthorized actions.
The information provided is based on a report from Security Joes. Additional details and updates regarding these vulnerabilities and related security advisories can be found through official MinIO channels and relevant security advisories. Security Joes may also release further information on their findings. Stay informed about the latest developments in MinIO security.