Nav

Mule Enterprise Management Console Security Update

Released Oct 22, 2014

What happened?

Earlier today, a potential security vulnerability in Mule Enterprise Management Console (MMC) was brought to our attention by Packet Storm, an independent cloud security firm.

Mule Enterprise Management Console (MMC) enables granular management of run time resources such as servers, clusters, flows, and end-points. With MMC, MuleSoft customers have visibility and control over SLAs, service level metrics and runtime performance.  MMC also enables authenticated users to take administrative actions such as providing role-based access for additional users and controlling resources remotely.

The original disclosure was reported in the Full Disclosure mailing list. In a blog post, Packet Storm reiterated the following:

"MuleSoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can be made by any authenticated user, even those with a single role of Monitor."

What does this vulnerability mean?

The vulnerability allows an authenticated user to elevate their privileges by issuing a specially crafted request to MMC console to add a new user, with administrative privileges. It originates from the code governing the addition of new users, which misses a credentials validation check.

The title of the blog post and reference to Mule ESB 3.5.1 are misleading in that the only product affected is MMC.  The vulnerability does not otherwise affect Mule ESB 3.5.1.

What are the mitigating factors against this vulnerability?

This vulnerability requires successful user authentication. MMC is typically used by administrators and in an administrative context, and not by regular users.

MMC is normally deployed in a secure network segment, accessible only to trusted users. This exploit requires that an internal user, previously granted legitimate access (“trusted user”), launch the attack.

What is being done about this?

MuleSoft has identified the source code in the MMC product that produces this vulnerability, and is developing a patch to fix the issue.

MuleSoft has identified the source code in the MMC product that produces this vulnerability, and has already created a hot fix for the issue. This hot fix can now be downloaded from the customer portal.

If I am affected, what can I do in the interim?

Customers may eliminate all non-admin users from their MMC implementation until a patch is available.