ShellTorch is a critical vulnerability in the TorchServe software, identified by the Israeli security firm Oligo. The flaw, which has been assigned two CVE identifiers (CVE-2022-1471 and CVE-2023-43654), allows for server-side request forgery (SSRF) and Java deserialization remote code execution (RCE). This means that an attacker could upload a malicious model from an address they control, leading to arbitrary code execution. Notably, one of these vulnerabilities arises from TorchServe's default configuration, which exposes the management API to the internet without requiring authentication for access.
The ShellTorch vulnerabilities expose PyTorch models to potential remote code execution, posing significant risks to AI and machine learning solutions. An attacker exploiting these flaws can gain high privileges within the AI infrastructure, enabling them to view, modify, steal, and delete AI models, which often contain a business's core intellectual property. Moreover, they could access and alter sensitive data flowing into and out of the target TorchServe server, thereby damaging the trust and credibility of the application.
As of now, neither AWS nor Oligo has reported active exploitation of ShellTorch. However, due to the severity of the vulnerabilities and their potential impact, it is advised to correctly configure the management interface to close the major attack vector. While this action mitigates the primary risk, it is important to note that ShellTorch can still be exploited via additional vectors, underscoring the need for comprehensive security measures.
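As an added example (not code from Oligo or the TorchServe project), the following audit reads a TorchServe config.properties and flags the two settings the description above points at: a management API bound to a non-loopback address, and a missing or wildcard allowed_urls list that would let a model be registered from an address an attacker controls. The property names are TorchServe's own; both sample files are constructed, and the "hardened" hostname is a placeholder.

```python
"""Audit a TorchServe config.properties for the ShellTorch-relevant settings."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample, not a real deployment's file: management API bound to all
# interfaces and allowed_urls left unset (TorchServe then applies its own default).
WEAK_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
model_store=/home/model-server/model-store
"""

# Constructed hardened counterpart: management API on loopback only and model
# sources restricted to an explicit, trusted URL pattern (placeholder host).
HARDENED_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://127.0.0.1:8081
model_store=/home/model-server/model-store
allowed_urls=https://models.example.internal/.*
"""


def parse_properties(text: str) -> dict[str, str]:
    """Minimal key=value parser for the properties format TorchServe uses."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(text: str) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(text)
    findings = []
    # Management API: anything other than a loopback bind is reachable off-host,
    # and TorchServe does not authenticate callers of that API.
    host = urlparse(props.get("management_address", "http://127.0.0.1:8081")).hostname or ""
    try:
        exposed = not ip_address(host).is_loopback
    except ValueError:          # a hostname rather than an IP literal
        exposed = host != "localhost"
    if exposed:
        findings.append(f"management_address binds to {host}: unauthenticated management API reachable off-host")
    # allowed_urls is a comma-separated list of regexes; '|' alternation inside one
    # entry is split too, so a catch-all such as http(s)?://.* is caught either way.
    pieces = [p.strip() for p in re.split(r"[,|]", props.get("allowed_urls", "")) if p.strip()]
    if not pieces or any(p == ".*" or p.endswith("://.*") for p in pieces):
        findings.append("allowed_urls unset or wildcard: models can be registered from any URL")
    return findings
```

Run `audit()` over the file actually deployed (e.g. `audit(open("config.properties").read())`); the hardened sample yields no findings, the weak one yields both.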
Description last updated: 2024-05-04T17:07:39.147Z