CVE-2024-22107 is a high-severity vulnerability affecting GTB Central Console version 15.17.1-30814.NG. The vulnerability resides in the method systemSettingsDnsDataAction located in the SystemSettingsController.php file of the web application component. Specifically, the endpoint /old/react/v1/api/system/dns/data is vulnerable to command injection attacks. An authenticated attacker can exploit this vulnerability by injecting arbitrary commands through this endpoint, which the system then executes. This type of vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input is not properly sanitized before being passed to system-level commands. The CVSS 3.1 base score is 7.2, reflecting a high severity level with network attack vector, low attack complexity, but requiring high privileges (authenticated user) and no user interaction. The impact includes full compromise of confidentiality, integrity, and availability of the affected platform, as arbitrary commands can lead to data theft, system manipulation, or denial of service. No known exploits are currently reported in the wild, and no vendor patches or mitigations have been linked yet. The vulnerability was published on February 2, 2024, and has been enriched by CISA, indicating recognition by US cybersecurity authorities. The lack of detailed vendor or product information limits the scope of direct vendor-specific guidance but the technical nature suggests that the vulnerability affects a web-based management console used for system settings, likely in enterprise environments.

For European organizations using GTB Central Console or similar platforms, this vulnerability poses a significant risk. Since exploitation requires authentication, insider threats or compromised credentials could lead to full system compromise. Attackers could execute arbitrary commands, potentially leading to data breaches, disruption of critical services, or lateral movement within networks. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure. The ability to execute commands remotely over the network increases the attack surface, and the high impact on confidentiality, integrity, and availability could result in regulatory penalties under GDPR if personal data is exposed or systems are disrupted. Additionally, the lack of patches means organizations must rely on compensating controls until a fix is available, increasing operational risk.

1. Immediately restrict access to the affected endpoint (/old/react/v1/api/system/dns/data) to trusted administrators only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. 3. Monitor logs for unusual or unauthorized command execution attempts, focusing on the vulnerable endpoint. 4. Implement strict input validation and sanitization at the application layer to prevent command injection, if source code access and modification are possible. 5. Apply principle of least privilege to all user accounts to limit the potential damage from a compromised account. 6. If possible, disable or remove legacy or unused API endpoints to reduce attack surface. 7. Engage with the vendor or community to obtain patches or updates as soon as they become available. 8. Conduct regular security assessments and penetration testing focusing on web application endpoints to detect similar vulnerabilities early.