top of page

CVE-2024-10965: Information Disclosure in EMQX Neuron Vulnerability Fix

  • Writer: Aakash Rahsi
    Aakash Rahsi
  • Nov 26, 2024
  • 2 min read

EMQX Neuron Vulnerability Fix
EMQX Neuron Vulnerability Fix

Overview : EMQX Neuron Vulnerability Fix

Description: 

A vulnerability was discovered in EMQX Neuron Vulnerability Fix up to version 2.10.0, specifically in the /api/v2/schema endpoint of the JSON File Handler component.

Severity: Medium

Potential Impact

  1. Information Disclosure: Improper handling of JSON schema files may expose sensitive data, potentially compromising system security.

  2. Root Cause: Incorrect handling of JSON schema inputs, leading to unintended data exposure.

Affected Systems

  • EMQX Neuron: Versions up to 2.10.0

Fix

Solution:

Update to EMQX Neuron version 2.10.1 or later, where the vulnerability has been addressed.

Silent Installation and Deployment Across Tools

Deployment Commands

  • Silent Installation:

    msiexec /i "EMQXUpdate.msi" /quiet /norestart

  • Normal Installation:

    msiexec /i "EMQXUpdate.msi"

Tools and Steps

Microsoft Intune

  1. Upload the EMQX update .msi file to Microsoft Endpoint Manager.

  2. Assign the update to affected device groups.

  3. Configure deployment with the silent command.

SCCM

  1. Import the EMQX update package into SCCM.

  2. Assign it to collections of affected devices.

  3. Schedule deployment and monitor success.

NinjaOne

  1. Upload the .msi file under Software Deployment.

  2. Assign target devices and schedule the update.

Datto RMM

  1. Add the .msi file to Datto RMM Deployment.

  2. Use the silent install command for configuration.

  3. Assign devices and initiate the update.

ConnectWise RMM

  1. Upload the .msi file to ConnectWise Automate.

  2. Assign devices or groups for deployment.

Pulseway

  1. Add the .msi file under Patch Management.

  2. Set the silent installation command and assign devices.

MSP360 RMM

  1. Navigate to Manage Software.

  2. Add the .msi file and configure silent installation.

  3. Deploy to systems.

Release Date

November 7, 2024

Benefits of Patching

  1. Data Protection: Prevents unintended exposure of sensitive JSON schema data.

  2. Improved System Security: Addresses critical gaps in handling schema files.

  3. Compliance Readiness: Enhances compliance with data protection standards.

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page