Shelltorch

Vulnerability Profile Updated 3 months ago
ShellTorch is a critical vulnerability in the TorchServe software, as identified by Israeli security firm Oligo. The flaw, which has been assigned two CVE identifiers (CVE-2022-1471 and CVE-2023-43654), allows for server-side request forgery (SSRF) and Java deserialization remote code execution (RCE). This means that an attacker could upload a malicious model from an address they control, leading to arbitrary code execution. Notably, one of these vulnerabilities arises from a TorchServe default setting that exposes a crucial management API to the internet without requiring authentication for access.

The ShellTorch vulnerabilities expose PyTorch models to potential remote code execution, posing significant risks to AI and machine learning solutions. An attacker exploiting these flaws can gain high privileges within the AI infrastructure, enabling them to view, modify, steal, and delete AI models, which often contain a business's core intellectual property. They could also access and alter sensitive data flowing in and out of the target TorchServe server, thereby damaging the trust and credibility of the application.

As of now, neither AWS nor Oligo has reported active exploitation of ShellTorch. However, due to the severity of the vulnerabilities and their potential impact, it is advised to correctly configure the management interface to close the major attack vector. While this action mitigates the primary risk, ShellTorch can still be exploited via additional vectors, underscoring the need for comprehensive security measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
CVE-2022-1471 | 1 | CVE-2022-1471 is a high-risk vulnerability, with a score of 9.8, found in the SnakeYAML library. This flaw, which is part of a set of vulnerabilities collectively known as "ShellTorch," allows for remote code execution (RCE). Specifically, an attacker can exploit this vulnerability to upload a malic
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
RCE (Remote ...
Aws
Lateral Move...
Remote Code ...
Exploits
Vulnerability
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-43654 | Unspecified | 2 | None
Shelltorch Cve | Unspecified | 1 | None
Source Document References
Information about the Shelltorch Vulnerability was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 10 months ago | Cyber Security Week in Review: October 6, 2023
CERT-EU | 10 months ago | Critical 'ShellTorch' Flaws Light Up Open Source AI Users, Like Google
BankInfoSecurity | 10 months ago | Amazon Web Services Warns of TorchServe Flaws
CERT-EU | 10 months ago | Cyber Security Today, Oct. 4, 2023 – Critical vulnerabilities found in Linux and TorchServe | IT World Canada News
CERT-EU | 10 months ago | Looney Tunables - Linux Vulnerability Exposes Millions of Systems to Attack
CERT-EU | 10 months ago | Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
CERT-EU | 10 months ago | ShellTorch Flaw Exposes Thousands of AI Servers to RCE Attacks
CERT-EU | 10 months ago | ShellTorch Vulnerabilities Expose PyTorch Models to Remote Code Execution
CERT-EU | 10 months ago | ShellTorch vulns expose PyTorch models to remote code execution
CERT-EU | 10 months ago | ShellTorch flaws expose AI servers to code execution attacks