CVE-2024-2199 identifies a denial of service (DoS) vulnerability in the 389-ds-base LDAP server, a widely used open-source directory server. The flaw arises from improper input validation when an authenticated user attempts to modify the userPassword attribute with malformed data. This malformed input triggers a server crash, resulting in denial of service. The vulnerability requires the attacker to have valid credentials (authenticated user) but does not require any user interaction beyond that. The attack vector is network-based, and the complexity is low, meaning an attacker with access to the LDAP server and valid credentials can reliably cause a crash. The vulnerability impacts availability (A) but does not compromise confidentiality (C) or integrity (I). The CVSS v3.1 base score is 5.7, reflecting medium severity. No known exploits have been reported in the wild, and no official patches are currently linked, though the issue is publicly disclosed. The vulnerability affects all versions of 389-ds-base as indicated, and given the critical role of LDAP servers in authentication and directory services, this DoS can disrupt enterprise operations and authentication services.

The primary impact of CVE-2024-2199 is denial of service, which can cause LDAP server crashes and disrupt authentication and directory services. Organizations relying on 389-ds-base for user authentication, access control, and directory lookups may experience service outages, potentially affecting internal and external applications dependent on LDAP. This can lead to operational downtime, loss of productivity, and increased support costs. While confidentiality and integrity are not directly impacted, the availability disruption can have cascading effects on business continuity, especially in environments where LDAP is critical for identity management. Attackers with valid credentials can exploit this vulnerability remotely, increasing the risk of targeted disruption. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in environments with less stringent access controls.

To mitigate CVE-2024-2199, organizations should implement the following specific measures: 1) Restrict LDAP user permissions to the minimum necessary, limiting who can modify the userPassword attribute to trusted administrators only. 2) Monitor LDAP server logs for unusual modification attempts or malformed input patterns targeting userPassword changes. 3) Employ network segmentation and access controls to limit LDAP server access to trusted hosts and users. 4) Apply any vendor or community patches as soon as they become available; monitor 389-ds-base project repositories and security advisories for updates. 5) Consider deploying LDAP server redundancy and failover mechanisms to minimize service disruption in case of a crash. 6) Conduct regular security audits and penetration tests focusing on LDAP input validation and authentication controls. 7) If possible, implement input validation or filtering at the application layer before requests reach the LDAP server to block malformed inputs. These targeted actions go beyond generic advice by focusing on access control, monitoring, and architectural resilience specific to this vulnerability.