On September 26, 2024, a security researcher identified multiple vulnerabilities in the Linux Common Unix Printing System (CUPS). The following are the vulnerabilities found in OpenPinting CUPS:

The most severe of these vulnerabilities is CVE-2024-47177, which is classified as a Critical severity and has a CVSS score of 9.0.

To exploit this vulnerability, the following conditions must be met:

1. The Linus CUPS-browsed service is manually enabled.

2. An attacker has access to a vulnerable server, which allows unrestricted access, such as to the public internet, or gains access to an internal network where the local connections are trusted.

3. The attacker advertises a malicious Internet Printing Protocol (IPP) server, providing a malicious printer.

4. A potential victim attempts to print from a malicious device.

5. An attacker executes arbitrary code on the victim’s machine.

Impacted IONOS Cloud Products

Linux CUPS vulnerabilities do not impact any of the IONOS Cloud products.

What action has IONOS Cloud taken to mitigate the severity?

This vulnerability does not impact IONOS Cloud products. Hence, no action is needed.

What action can you take to mitigate the vulnerability?

Users should review their use of Linux CUPS and, if enabled, follow the vendor-specific guidance to patch the environment.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

On October 18, 2024, Grafana Labs disclosed a vulnerability introduced in Grafana 11 that may allow attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise.

This vulnerability is assigned the CVE ID CVE-2024-9264 and classified as Critical severity with a CVSS score of 9.9. For more information about the technical details of the vulnerability, refer to Grafana's official advisory.

Impacted IONOS Cloud Products

Risk on IONOS Cloud environment

IONOS Cloud infrastructure and services do not utilize the vulnerable version of Grafana, so they are not impacted.

What action can you take to mitigate the vulnerability?

If you are using custom images, we advise you to refer to the information provided by the Operating System (OS) vendor to address any concerns from this reported issue.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

On October 04, 2024, Redis disclosed multiple vulnerabilities regarding the Redis In-Memory Database. As per the available information, the following are the vulnerability details:

The most severe of these vulnerabilities is CVE-2024-31449, which is classified as a High severity and has a CVSS score of 8.8. It could allow remote attackers to execute arbitrary code on affected systems.

Impacted IONOS Cloud Products

Risk on IONOS Cloud user environment

Although the design of our database product did not allow the remote users to exploit the vulnerability, IONOS has rolled out the patched versions. As of now, there is no known exploit for these reported vulnerabilities.

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud has already rolled out the patched versions for the reported vulnerabilities.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

On April 29, 2024, Acronis disclosed multiple vulnerabilities in Cyber Protect Agent. As per the advisory published by Acronis, the following are the vulnerability details:

The most severe of these vulnerabilities is CVE-2024-34010 and is classified as a High severity with CVSS score of 8.2. The attack vectors related to these vulnerabilities are still not known.

Impacted IONOS Cloud Products

What action has IONOS Cloud taken to mitigate the severity?

There are no signs of active exploitation resulting from these vulnerabilities. These vulnerabilities do not allow unauthorized access to IONOS Cloud users’ backup data. IONOS Cloud is already in the process of rolling out patched agents for Storage & Backup users.

What action can you take to mitigate the vulnerability?

You can enable auto-update; the vulnerable agent is automatically updated after May 6, 2024. You can download the non-vulnerable agent from the Downloads section in the Backup Unit Management console if the auto-update is not enabled.

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

References

Acronis Advisory Database

Arbitrary command execution through gitRepo volume

On November 20, 2024, the Kubernetes Security Response Committee disclosed a vulnerability that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary.

The Kubernetes Security Response Committee assigned this vulnerability the CVE ID CVE-2024-10220 and classified it as High severity with a CVSS score of 8.1.

Impacted IONOS Cloud Products

Risk on IONOS Cloud environment

IONOS Cloud infrastructure and services do not utilize the vulnerable versions of Managed Kubernetes, so they are not impacted.

What action can you take to mitigate the vulnerability?

If you use affected Managed Kubernetes versions, upgrading your clusters to one of the following fixed versions is recommended:

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Here is a list of vulnerabilities detected in 2024:

Remote Code Execution (RCE) in OpenSSH

On July 01, 2024, OpenSSH disclosed a vulnerability in Portable OpenSSH versions between 8.5 and 9.7 that may allow arbitrary code execution with root privileges in default configurations. The vulnerability is named regreSSHion.

The CVE ID CVE-2024-6387 is assigned to this vulnerability and classified as Critical severity with a CVSS score of 8.1. For more information about the technical details of the vulnerability, refer to the official advisory.

Impacted IONOS Cloud products

Risk on IONOS Cloud user environment

We do not see any sign of active exploitation of this vulnerability in our infrastructure or user environment. Cloud-provided compute engines already use the patched version of OpenSSH, so there is no risk to the cloud user environment.

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud has already started the patching process for the affected products and services. The patching status is complete for Compute Engine, is ongoing for Managed Kubernetes, and will be updated once completed.

What action can you take to mitigate the vulnerability?

Users using compute engines with affected distribution should patch as per the vendor security guidelines. No action is required from the users using the Managed Kubernetes environment.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

A security researcher discovered a security issue in Kubernetes where an unauthorized user may be able to SSH to a node VM, which uses a VM image built with the Kubernetes Image Builder project. The vulnerable images contain a pre-configured user with a weak default password, which can be accessed via SSH. The user can then use "sudo" to escalate privileges to root.

The following are the vulnerabilities found in Kubernetes Image Builder:

The most severe of these vulnerabilities is CVE-2024-9486, which is classified as Critical severity with a CVSS score of 9.8.

Impacted IONOS Cloud Products

Risk on IONOS Cloud user environment

The IONOS-provided managed Kubernetes environment is not based on Proxmox Image Builder, so CVE-2024-9486 does not impact our infrastructure and user environments. However, some parts of our infrastructure use QEMU to build clusters and are impacted by CVE-2024-9594. Even though CVE-2024-9594 is rated as medium, we consider this issue very low severity as we already have the required mitigation to prevent the mentioned attack vector on our infrastructure. At the moment, no active exploitation of these vulnerabilities is known.

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud will apply the patch to the affected products and services soon. We will update the patching status once the process is complete.

What action can you take to mitigate the vulnerability?

IONOS Cloud owns the patching responsibility, and no action is required from the user.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Backdoor in XZ Utils

On March 29, 2024, the Openwall oss-security published information about a backdoor in the compression utility/library xz/liblzma. This backdoor affects sshd in some rolling and testing Linux distributions. The CVE ID is assigned to this vulnerability and has a Critical severity with Common Vulnerability Scoring System (CVSS) of 10 score.

For more information, refer to the official .

Impacted IONOS Cloud products

IONOS Cloud infrastructure and services do not utilize the vulnerable software, so they are not impacted.

What action can you take to mitigate the vulnerability?

If you are using custom images, we advise you to refer to the information provided by the Operating System (OS) vendor to address any concerns from this reported issue.

How can I get help?

If you have further questions or concerns about this vulnerability, contact .

Fluent Bit Memory Corruption Vulnerability

On May 20, 2024, Tenable Research published information about a memory corruption vulnerability in Fluent Bit that may result in a denial of service, information disclosure, or remote code execution. For more information, refer to the .

The CVE ID is assigned to this vulnerability and classified as a Critical severity with a CVSS score of 9.8 by Tenable Research. For further technical details about the vulnerability, refer to .

Impacted IONOS Cloud products

IONOS Cloud infrastructure and services do not utilize the vulnerable software and are not impacted.

What action can you take to mitigate the vulnerability?

Users using Fluent Bit versions 2.0.7 through 3.0.3 in their are vulnerable and must update their software to 2.2.3 or 3.0.4.

How can I get help?

If you have further questions or concerns about this vulnerability, contact .

Container Escape via runc

On January 31, 2024, cybersecurity company Snyk disclosed a vulnerability in all versions of runc, up to and including 1.1.11, which is utilized by the Docker engine and other containerization technologies like Kubernetes.

The runc application is used for spawning and running containers on Linux. The vulnerability enables containerized escape for attackers that execute a malicious image or build an image using a malicious Dockerfile or an upstream image.

The CVE ID CVE-2024-21626 is assigned to this vulnerability and has a High severity with Common Vulnerability Scoring System (CVSS) of 8.6 score. For more information about the technical details of the vulnerability, see the official runc advisory and the analysis by Snyk.

Impacted IONOS Cloud products

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate this vulnerability. We own the patching responsibilities and have already completed patching to update runc version 1.1.12.

What action can you take to mitigate the vulnerability?

As a best practice, ensure that Docker images use trusted and verified sources. No patching is required from your end.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.