.webp)
Summary
A vulnerability has been discovered in Vim, an open-source text editor program. It is identified as CVE-2024-22667 (CVSSv3: 7.8) and is a stack-based buffer overflow vulnerability. A proof-of-concept exploit was created for this vulnerability and has been subsequently patched in Vim versions 9.0.2142 and later. Due to NetApp utilizing this tool in a number of their products, there are also several of them which are under investigation at this time.
Impact Assessment
This vulnerability is high severity and has exploit code available on GitHub which should make it a medium-high priority for patching. Note that this vulnerability requires a local attacker which could change prioritization.
It currently impacts all Vim installations prior to 9.0.2142.
There are currently several NetApp products which are under investigation for this vulnerability, they are not confirmed to be affected at this time.
- Active IQ Unified Manager for VMware vSphere
- Cloud Volumes ONTAP Mediator
- NetApp HCI Compute Node (Bootstrap OS)
- NetApp SolidFire & HCI Management Node
- NetApp SolidFire & HCI Storage Node (Element Software)
- ONTAP Select Deploy administration utility
- ONTAP tools for VMware vSphere 10
- ONTAP tools for VMware vSphere 9
- SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine
Remediation
Details on how to update/download vim can be found on their website.
What it means for you
If you use Vim, updating to the latest version is highly recommended. If you use one of the NetApp products described above, follow their latest advisory for news on potential patches.
Business Implications
If exploited, this vulnerability will allow for a buffer overflow, giving a local attacker the ability to potentially inject malicious code onto the target system. If the attacker is able to get local access to a system there is already a major vulnerability in your organization’s security to some capacity. This could cause great monetary, data, and reputational loss if a vulnerability such as this is able to be exploited on your network.
Access Point Consulting Recommends
Patch: Ensure to update Vim to the latest version or at least apply the security update on version 9.0.2142.
Physical Security: It is important not to overlook physical security, as this vulnerability has a local attacker vector it requires the attacker to physically be at the machine to perform the exploit. You could have the most robust network infrastructure, but it would be all for naught if an malicious actor is able to access a system in your office or walk into your server room.
Associated Bulletins
https://nvd.nist.gov/vuln/detail/CVE-2024-22667
https://www.vim.org/download.php
https://security.netapp.com/advisory/ntap-20240223-0008/
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47
.jpg)
