CVE-2024-22476 Scanner

CVE-2024-22476 scanner - SQL Injection vulnerability in Intel Neural Compressor

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

Intel Neural Compressor is a software optimization tool designed to accelerate machine learning models and their performance in AI and deep learning tasks. It is widely used by data scientists, machine learning engineers, and AI researchers to improve model efficiency on hardware platforms such as CPUs and GPUs. The tool allows users to optimize models with minimal impact on accuracy while improving inference speed. Intel Neural Compressor is commonly integrated into workflows where performance and scalability are critical. This software finds utility in industries like autonomous driving, healthcare, and finance where real-time processing is crucial.

The SQL Injection vulnerability in Intel Neural Compressor allows attackers to manipulate backend databases by sending crafted SQL queries through unsanitized input fields. This flaw can be exploited remotely without any authentication. It may result in unauthorized access to sensitive data, data tampering, or privilege escalation. Systems running versions below 2.5.0 are particularly vulnerable to this critical issue.

The vulnerability stems from improper input validation in the task submission endpoint of Intel Neural Compressor. Specifically, user-supplied data in the "script_url" and other parameters is not sufficiently sanitized before being used in SQL queries. Attackers can exploit this by injecting malicious SQL code in the request body of a POST request. If the injection succeeds, the injected SQL commands can alter database queries, potentially providing the attacker with administrative access or data retrieval capabilities. The vulnerability affects the core functionality of the task management system in the software.
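The weakness class described above, shown beside a hardened form, as an added example that is not Intel Neural Compressor's code. The `task` table, the function names and the sample URL are hypothetical; only the `script_url` parameter name comes from this page.

```python
import sqlite3
from urllib.parse import urlsplit

# Hypothetical schema and function names: the page does not show the
# product's real table layout or handler code.
SCHEMA = "CREATE TABLE task (id INTEGER PRIMARY KEY, script_url TEXT, status TEXT)"


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def submit_task_unsafe(db, script_url):
    """Weak pattern: the request value becomes part of the SQL text."""
    sql = "INSERT INTO task (script_url, status) VALUES ('%s', 'pending')" % script_url
    return db.execute(sql).lastrowid


def validate_script_url(script_url):
    """Allow-list check: https URL with a host, bounded length, no control chars."""
    if not isinstance(script_url, str) or not 0 < len(script_url) <= 2048:
        raise ValueError("script_url must be a non-empty string of at most 2048 chars")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in script_url):
        raise ValueError("script_url contains control characters")
    parts = urlsplit(script_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("script_url must be an https URL with a host")
    return script_url


def submit_task_safe(db, script_url):
    """Hardened pattern: validate first, then bind the value as a parameter."""
    url = validate_script_url(script_url)
    cur = db.execute(
        "INSERT INTO task (script_url, status) VALUES (?, 'pending')", (url,)
    )
    return cur.lastrowid


def stored_urls(db):
    return [row[0] for row in db.execute("SELECT script_url FROM task ORDER BY id")]


# Constructed sample value: a legal URL whose path contains a single quote.
SAMPLE = "https://example.com/o'brien/run.py"
```

With the string-built statement, the quote in `SAMPLE` reaches the SQL parser and the insert fails with a syntax error, which shows that request data is being interpreted as SQL. The parameterized version stores the same value verbatim.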

If successfully exploited, this SQL Injection vulnerability can lead to severe consequences such as data exfiltration, unauthorized access to sensitive information, or even complete system compromise. Attackers may escalate privileges, delete or alter critical data, and potentially take full control of the vulnerable system. In worst-case scenarios, the affected organization may face operational disruptions and data breaches, leading to financial loss and reputational damage.

By using the Security for Everyone (S4E) platform, you can proactively manage your digital assets and uncover critical vulnerabilities like SQL Injection in Intel Neural Compressor. Our platform allows you to schedule automated scans, receive real-time alerts, and prioritize remediation steps to safeguard your systems. Join us to gain comprehensive visibility into your cybersecurity posture, benefit from our easy-to-use interface, and secure your applications before attackers do. Protect your organization’s data and resources with S4E today!
