S4E

CVE-2024-6922 Scanner

CVE-2024-6922 scanner - Server-Side Request Forgery (SSRF) vulnerability in Automation Anywhere Automation 360

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 15 days
Scan only one: Domain, IPv4, Subdomain

Toolbox

Automation Anywhere Automation 360 is a popular Robotic Process Automation (RPA) platform used by organizations worldwide to automate various business processes. It is employed by both IT and business professionals to streamline repetitive tasks and integrate workflows. The platform provides a web-based interface to design, execute, and manage automation tasks. Its Control Room component is crucial for managing and deploying bots across an organization. The platform is widely adopted in sectors such as finance, healthcare, and manufacturing.

The vulnerability in Automation Anywhere Automation 360 is a Server-Side Request Forgery (SSRF) flaw. It allows an attacker to manipulate the server into making arbitrary web requests, potentially exposing internal services or accessing sensitive data. The SSRF vulnerability can be exploited without authentication, making it particularly dangerous. This flaw is found in a web API component of the platform.

The SSRF vulnerability is located in the Automation 360 Control Room's web API, in the /v1/proxy/test endpoint. An attacker can send a crafted HTTP POST request containing a malicious saasUrl parameter. When the server processes the request, it attempts to fetch the supplied URL, so the attacker can make the server send requests to internal or external services. The scanner confirms the vulnerability by observing the DNS resolution attempts the server makes when handed an attacker-controlled domain.

If exploited, this vulnerability can have severe consequences. An attacker could gain unauthorized access to internal services, potentially leading to data breaches, internal network scanning, or further attacks on other systems within the organization. The attacker could also exploit this vulnerability to bypass security controls, access sensitive information, or disrupt operations by targeting critical services.
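The root cause described above is a server that fetches whatever URL a client supplies in a parameter such as saasUrl. The following is an added example, not code from S4E or Automation Anywhere, of the kind of validation a proxy-test endpoint needs before making the outbound request: only https, only an allowlisted host (the allowlist and the resolver hook are assumptions for illustration), and only when every address the host resolves to is public. The caller must then connect to the vetted address rather than re-resolving the name, otherwise DNS rebinding bypasses the check.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Constructed allowlist of SaaS hosts a proxy test is permitted to reach (assumption).
ALLOWED_HOSTS = {"api.example-saas.com"}


def _default_resolver(host: str) -> list[str]:
    """Resolve host to every A/AAAA address; the check must see all of them."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_disallowed_address(addr: str) -> bool:
    """Reject anything that is not a globally routable unicast address
    (private, loopback, link-local, reserved, unspecified, multicast)."""
    ip = ipaddress.ip_address(addr)
    return (not ip.is_global) or ip.is_multicast


def validate_saas_url(saas_url: str,
                      allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                      resolver: Callable[[str], list[str]] = _default_resolver
                      ) -> tuple[bool, str]:
    """Return (ok, reason). Only an https URL whose host is allowlisted and
    resolves exclusively to public addresses is accepted. The caller should
    connect to the returned-at-validation addresses, not re-resolve the name."""
    try:
        parts = urlsplit(saas_url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() not in {h.lower() for h in allowed_hosts}:
        return False, f"host {host!r} not in allowlist"
    try:
        addrs = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host did not resolve"
    bad = [a for a in addrs if _is_disallowed_address(a)]
    if bad:
        return False, f"host resolves to non-public address(es): {bad}"
    return True, "ok"
```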

By using the S4E platform, you can protect your organization against critical vulnerabilities like CVE-2024-6922. Our comprehensive scanning service detects and reports vulnerabilities in your digital assets, helping you secure your systems before attackers can exploit them. Join our platform to benefit from detailed insights, remediation guidance, and continuous monitoring to keep your environment safe from emerging threats.
