Home > Cyber News > CVE-2023-48022: ShadowRay Flaw a Critical Threat to AI Infrastructure
CYBER NEWS

CVE-2023-48022: ShadowRay Flaw a Critical Threat to AI Infrastructure

by   |  Last Update:  |  0 Comments  

The Oligo research team recently uncovered an ongoing attack campaign, dubbed ShadowRay, targeting a vulnerability in Ray, a widely utilized open-source AI framework. This vulnerability, currently unresolved and lacking a patch, poses a critical threat to thousands of companies and servers running AI infrastructure.

Exploiting this vulnerability allows attackers to seize control of companies’ computing power and potentially expose sensitive data. The flaw has been actively exploited for the past 7 months, affecting various sectors such as education, cryptocurrency, and biopharma. To mitigate risks, all organizations employing Ray are urged to assess their environments for exposure and examine any suspicious activity.

CVE-2023-48022 ShadowRay Flaw a Critical Threat to AI Infrastructure

CVE-2023-48022 Has a Critical CVSS Score of 9.8

The security flaw, identified as CVE-2023-48022 with a critical CVSS score of 9.8, allows remote attackers to execute arbitrary code via the job submission API. This lapse in authentication control within Ray’s Dashboard and Client components grants unauthorized actors the ability to submit, delete, and retrieve jobs, as well as execute remote commands.




Despite being under active attack since September 2023, Anyscale, the developers and maintainers of Ray, have not addressed the issue as of now, citing long-standing design decisions. They intend to integrate authentication in a future release as part of a broader security strategy.

Observations by cybersecurity researchers reveal that hackers have successfully breached numerous Ray GPU clusters, potentially compromising a wealth of sensitive data. This includes production database passwords, SSH keys, access tokens, and the ability to manipulate models.

Furthermore, compromised servers have been observed to harbor cryptocurrency miners and tools for persistent remote access. The utilization of an open-source tool named Interactsh further complicates detection efforts, allowing attackers to operate clandestinely.

Infiltrating a Ray production cluster presents hackers with a lucrative opportunity. With valuable data and remote code execution capabilities, attackers can monetize their activities while remaining virtually undetectable.

Mitigation Strategies

Oligo proposes the following mitigation measures to minimize the risk of CVE-2023-48022-based exploits:

  1. Adhere to the best practices for securing Ray deployments.
  2. Initiate Ray within a secured, trusted environment.
  3. Implement firewall rules or security groups to thwart unauthorized access.
  4. Apply authorization atop the Ray Dashboard port (default: 8265):
    • If Ray’s dashboard needs accessibility, deploy a proxy incorporating an authorization layer to the Ray API when exposing it over the network.
  5. Regularly monitor production environments and AI clusters for anomalies, including within Ray.
  6. Recognize that Ray relies on arbitrary code execution for functionality. Traditional Code Scanning and Misconfiguration tools may fail to detect such attacks, as Ray’s open-source maintainers (Anyscale) have marked them as disputed rather than bugs, constituting a feature at the time of writing.
  7. Avoid binding on 0.0.0.0 for simplicity. It’s advisable to utilize an IP address from an explicit network interface, such as the IP within your local network subnet or a trusted private VPC/VPN.
  8. Exercise caution with defaults. Verify settings thoroughly; sometimes tools presume familiarity with their documentation.
  9. Select appropriate tools. While open-source maintainers shoulder some responsibility, the technical onus of securing open source falls on users. Utilize tools designed to protect production workloads from the risks inherent in runtime use of open source.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. CVE-2023-34060: Critical VMware Flaw Poses Significant Risks VMware has issued a warning about a critical and unpatched...
  3. Ransomware 2017: Critical Errors in Critical Infrastructure Ransomware has been the primary online threat for the past...
  4. CVE-2023-25610: Critical Flaw in FortiOS and FortiProxy Fortinet has identified and fixed 15 security flaws, one of...
  5. Kinsing Threat Group Now Exploiting Critical CVE-2023-46604 The Kinsing threat actors recently started exploiting a critical security...
  6. January 2023 Patch Tuesday Fixes Actively Exploited CVE-2023-21674 The first Patch Tuesday fixes shipped by Microsoft for 2023...
  7. Linux Threat Landscape 2021: Most Prevalent Malware and Vulnerabilities What are the threats endangering Linux systems? Security researchers from...
  8. CVE-2023-7028: GitLab Fixes Critical Account-Hijacking Flaws GitLab has released crucial security updates for both its Community...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree