OpenAI's ChatGPT infrastructure under active attack: CVE-2024-27564 exploitation

A security vulnerability in OpenAI's ChatGPT infrastructure is currently being actively exploited by threat actors. 

The vulnerability is tracked as CVE-2024-27564 (CVSS score 6.5), is a Server-Side Request Forgery (SSRF) flaw that allows attackers to inject malicious URLs into input parameters, forcing the application to make unintended requests on their behalf.

The vulnerability affects the pictureproxy.php file, allowing attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests. Despite being classified as medium severity, this flaw has become a significant real-world attack vector. It was initially reported in September 2023 and publicly disclosed approximately one year ago, with proof-of-concept exploit code available for some time.

According to research by Veriti, the attack campaign shows concerning patterns:

• Over 10,479 attack attempts observed from a single malicious IP within just one week
• Multiple attackers involved in the exploitation
• 35% of organizations analyzed remain vulnerable due to misconfigurations in their protection systems
• Primary targets include government organizations in the US and financial institutions globally

The attackers appear to be focusing on government organizations (primarily in the US), financial institutions (in the US, Germany, Thailand, Indonesia, Colombia, and UK) and healthcare.

Companies are targeted through their implementation and integration with ChatGPT:

1. API Integrations: Many companies integrate ChatGPT through APIs into their own applications, websites, and services. When they implement these integrations, they often create proxy services or middleware that connects their systems to OpenAI's infrastructure.
2. Custom Deployments: Some organizations deploy custom versions or implementations of ChatGPT-like services that might share similar code or infrastructure components as OpenAI's original service.
3. Self-hosted Instances: Larger organizations sometimes run their own instances of AI models similar to ChatGPT, which might have similar vulnerabilities.
4. Internal Proxies: The pictureproxy.php means that the vulnerability  affects a proxy service that handles image-related requests between internal systems and OpenAI's services.

These integration points often have access to both internal company resources and external AI services, creating a pathway for attackers to pivot from the exposed service to more sensitive internal systems.

Successful exploitation of this vulnerability could lead to data breaches, unauthorized transactions, regulatory penalties and reputational damage

The report identifies several IP addresses involved in the attacks, including:

• 31.56.56[.]156
• 38.60.191[.]7
• 94.156.177[.]106
• 159.192.123[.]190
• 119.82.255[.]34
• 103.251.223[.]127
• 104.143.229[.]115
• 114.10.44[.]40
• 116.212.150[.]192
• 145.223.59[.]188
• 167.100.106[.]99
• 174.138.27[.]119
• 212.237.124[.]38
• 216.158.205[.]221

Security teams are advised to:

1. Check IPS, WAF, and Firewall configurations for protection against CVE-2024-27564
2. Monitor logs for attack attempts from the known attacker IPs
3. Prioritize AI-related security gaps in risk assessments
4. Address this vulnerability promptly, regardless of its medium-severity classification
5. Review and correct any misconfigurations in security solutions