VYPR
Unrated severity · NVD Advisory · Published Nov 4, 2024 · Updated Nov 6, 2024

CVE-2024-45164

Description

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated standard users can disable ThreatAvert policy enforcement in Akamai SIA Apps Portal due to missing authorization checks on the Admin Policy page.

Vulnerability

A broken access control vulnerability exists in the Akamai SIA (Secure Internet Access Enterprise) ThreatAvert component, specifically in the Apps Portal before version 19.2.0.3 or 19.2.0.20240814 and the SPS (Security and Personalization Services) before the latest 19.2.0 patch. The Admin functionality for the ThreatAvert Policy page at the URI /#app/intelligence/threatAvertPolicies lacks proper authorization controls, allowing any authenticated standard user to access and modify policies [1].

Exploitation

An attacker needs only a valid standard user account on the affected Akamai SIA portal. No additional privileges or user interaction are required beyond authentication. The attacker can navigate directly to the URL https://<IP-Address/Hostname>/#app/intelligence/threatAvertPolicies to access the ThreatAvert Policy administration page, which is normally hidden from standard users in the menu [1].

Impact

A successful attacker can view and disable ThreatAvert policy enforcement, effectively bypassing all threat protection rules (e.g., DDoS, PRSD, toll fraud attacks) configured by the administrator. This compromises the integrity and availability of the security controls, potentially leaving the DNS infrastructure exposed to various Internet-based threats [1].

Mitigation

Akamai has addressed this vulnerability in the latest 19.2.0 SPS patch and in Apps Portal versions 19.2.0.3 and 19.2.0.20240814. Affected organizations should upgrade to the latest patched version immediately. No workarounds are mentioned in the available references [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
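
The flaw class described above, an admin page hidden from the menu while its state-changing action is never authorized on the server, is shown here beside the corrected pattern, with a helper that reviews an audit trail for changes applied by non-admins. This is an added illustration, not Akamai's code or API: every class, function and account name is hypothetical, and only the route string comes from the advisory.

```python
from dataclasses import dataclass, field

# Hypothetical model of a portal back end; none of these names are Akamai's.
ADMIN_ROUTE = "#app/intelligence/threatAvertPolicies"  # URI fragment from the advisory


class Forbidden(Exception):
    pass


@dataclass
class User:
    name: str
    role: str  # "admin" or "standard"


@dataclass
class PolicyStore:
    enforcement_enabled: bool = True
    audit: list = field(default_factory=list)  # (user, role, new_value, outcome)


def menu_for(user):
    """UI-only control: the admin route is merely left out of the menu."""
    routes = ["#app/dashboard"]
    return routes + [ADMIN_ROUTE] if user.role == "admin" else routes


def set_enforcement_weak(store, user, enabled):
    """Flawed pattern: assumes a hidden menu entry keeps non-admins away."""
    store.enforcement_enabled = enabled
    store.audit.append((user.name, user.role, enabled, "allowed"))


def set_enforcement_checked(store, user, enabled):
    """Hardened pattern: the state-changing call authorizes the caller itself."""
    if user.role != "admin":
        store.audit.append((user.name, user.role, enabled, "denied"))
        raise Forbidden(f"{user.name} is not an admin")
    store.enforcement_enabled = enabled
    store.audit.append((user.name, user.role, enabled, "allowed"))


def non_admin_changes(store):
    """Review helper: audit entries where a non-admin change was applied."""
    return [e for e in store.audit if e[1] != "admin" and e[3] == "allowed"]
```

Because a URI fragment is resolved in the browser and never sent to the server, the role check has to sit on the call that changes the policy state, as in `set_enforcement_checked`.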
