CVE-2024-6107

Multiple Products (including Canonical MAAS)

A critical authentication bypass vulnerability has been identified in multiple products, including Canonical MAAS.

Executive summary

A critical authentication bypass vulnerability has been identified in multiple products, including Canonical MAAS. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the affected system, potentially leading to a complete compromise of the managed infrastructure. Due to the high severity and the potential for full system takeover, immediate remediation is strongly recommended.

Vulnerability

The vulnerability exists due to insufficient verification of client requests. An unauthenticated attacker can craft a malicious client request to the RPC (Remote Procedure Call) endpoint. Because the server fails to properly validate the authenticity of the request, it bypasses standard authentication checks, allowing the attacker to execute privileged RPC commands within a MAAS region, effectively granting them administrative control.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.6. Successful exploitation would have a catastrophic business impact, as it allows for a complete takeover of the MAAS environment. An attacker could provision, de-provision, or reconfigure physical servers, leading to widespread service outages, deployment of ransomware, theft of sensitive data stored on managed systems, and a complete loss of integrity and availability for the organization's core infrastructure.

Remediation

Immediate Action: Update all affected products, including Canonical MAAS, to the latest patched version. The vendor has released patches that address this vulnerability by implementing proper verification of client requests. After patching, monitor for exploitation attempts and review access logs for any anomalous RPC command executions that may have occurred before the update was applied.

Proactive Monitoring: Organizations should enhance monitoring of MAAS region controllers. Specifically, monitor network traffic for malformed or unusual RPC requests. Review MAAS application logs for any command executions originating from unexpected or unauthenticated sources and set up alerts for high-privilege operations that do not correlate with scheduled administrative tasks.

Compensating Controls: If patching is not immediately possible, restrict network access to the MAAS API and RPC endpoints to only trusted IP addresses using strict firewall rules. Consider deploying an Intrusion Prevention System (IPS) or a Web Application Firewall (WAF) with signatures capable of detecting and blocking requests that attempt to exploit this authentication bypass.
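The monitoring and compensating-control guidance above (review RPC activity for unauthenticated or unexpected sources, alert on privileged operations outside scheduled administrative work, and allowlist the networks permitted to reach the RPC endpoint) can be turned into a small log-triage script. The following is an added example and not code from Canonical or MAAS: the log line format, the command names, the trusted network and the maintenance window are all constructed, hypothetical values, so the regular expression and the allowlist would need to be adapted to the real region-controller logs and network layout. The same allowlist that drives the "untrusted source" check is the one a firewall rule restricting the RPC endpoint would be built from.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Tuple

# Hypothetical allowlist of networks permitted to reach the region controller's
# RPC endpoint; a firewall restriction on that endpoint would use the same list.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]

# Hypothetical names of high-privilege RPC commands; real MAAS command names differ.
PRIVILEGED_COMMANDS = {"DeployNode", "ReleaseNode", "PowerControl", "UpdateConfig"}

# Scheduled administrative window (UTC) in which privileged commands are expected.
MAINTENANCE_WINDOW = (time(1, 0), time(3, 0))

# Constructed, hypothetical log line format (not the real MAAS format):
#   <ISO timestamp>Z src=<ip> auth=<yes|no> cmd=<command>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z "
    r"src=(?P<src>\S+) auth=(?P<auth>yes|no) cmd=(?P<cmd>\S+)$"
)


@dataclass
class RpcEvent:
    ts: datetime
    src: object  # ipaddress.IPv4Address or ipaddress.IPv6Address
    auth: bool
    cmd: str


def parse_line(line: str) -> Optional[RpcEvent]:
    """Parse one log line; unparseable lines return None rather than being accepted."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return RpcEvent(
        ts=datetime.fromisoformat(m["ts"]),
        src=ipaddress.ip_address(m["src"]),
        auth=(m["auth"] == "yes"),
        cmd=m["cmd"],
    )


def in_window(t: time) -> bool:
    start, end = MAINTENANCE_WINDOW
    return start <= t < end


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) findings for events that match the advisory's indicators."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Any command execution that did not pass authentication is a direct indicator.
        if not ev.auth:
            findings.append(("unauthenticated RPC command", line))
        # Requests from outside the allowlisted networks should never reach the endpoint.
        if not any(ev.src in net for net in TRUSTED_NETWORKS):
            findings.append(("RPC request from untrusted source", line))
        # Privileged operations outside the scheduled window do not correlate with admin work.
        if ev.cmd in PRIVILEGED_COMMANDS and not in_window(ev.ts.time()):
            findings.append(("privileged command outside maintenance window", line))
    return findings


# Constructed sample log: two expected events, one off-schedule privileged
# command, one unauthenticated privileged command from an untrusted address,
# and one line that does not parse.
SAMPLE_LOG = [
    "2024-07-01T02:10:00Z src=10.20.0.5 auth=yes cmd=DeployNode",
    "2024-07-01T02:11:00Z src=10.20.0.5 auth=yes cmd=ListNodes",
    "2024-07-01T14:30:00Z src=10.20.0.5 auth=yes cmd=PowerControl",
    "2024-07-01T14:31:00Z src=203.0.113.9 auth=no cmd=DeployNode",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Run against the constructed sample, the script reports four findings: one for the off-schedule `PowerControl`, and three for the unauthenticated `DeployNode` from `203.0.113.9` (unauthenticated, untrusted source, and outside the window). Feeding it real logs means replacing `LINE_RE` with a pattern for the actual log format and populating `TRUSTED_NETWORKS` from the same source of truth as the firewall rules, so that monitoring and the compensating control cannot drift apart.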

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a critical risk to the organization. We strongly recommend prioritizing the deployment of the vendor-provided security updates across all affected systems immediately. The CVSS score of 9.6 reflects both the ease of exploitation and the severity of the impact. Although CVE-2024-6107 is not currently on the CISA KEV list, its critical nature warrants treatment as a top-priority patch to prevent a potential infrastructure-wide compromise.