CVE-2024-22108: Unauthenticated SQL injection in GTB Central Console 15.17.1-30814.NG
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.
AI Analysis
Technical Summary
CVE-2024-22108 is a critical vulnerability in GTB Central Console version 15.17.1-30814.NG. The flaw is in the method setTermsHashAction in /opt/webapp/lib/PureApi/CCApi.class.php, which is reachable through the /ccapi.php endpoint without any authentication. Input to that method is placed into a SQL query without proper neutralization (CWE-89), so a remote attacker who can reach /ccapi.php can inject SQL into the backend query with no credentials and no user interaction. The documented outcome is that the attacker can overwrite the Administrator password with a value of their choosing and then log in as Administrator, which amounts to full control of the console. The advisory describes only the password overwrite; whether the same injection point also permits reading other tables is not stated, but a SQL injection that can write to the user table should be assumed to expose the rest of the database as well. The CVSS v3.1 base score is 9.8 (network attack vector, low attack complexity, no privileges required, no user interaction, high impact on confidentiality, integrity and availability). No vendor patch or advisory is listed at the time of writing and no in-the-wild exploitation is known, but an unauthenticated SQL injection in an administrative console with a documented password-takeover outcome is straightforward to weaponize and should be treated as an emergency.
Potential Impact
For European organizations running GTB Central Console 15.17.1-30814.NG (the only version named in the advisory; other releases have not been confirmed either affected or unaffected), the exposure is severe. Successful exploitation hands the attacker the Administrator account, and with it the ability to change configuration, read whatever data the console holds or can reach, disrupt the systems it manages, or use it as a foothold to deploy further tooling. Because the console is a centralized management point, compromise of one instance can propagate to everything it administers. Critical infrastructure operators, financial institutions, government agencies and any enterprise relying on the console for central management are most exposed. The attack needs no credentials and no user interaction, so any instance reachable from an untrusted network can be attacked remotely, which raises the likelihood of broad opportunistic exploitation once exploit details circulate. Loss of administrative control over the console threatens the integrity and availability of the managed estate, with the business-continuity and GDPR notification consequences that follow from a confirmed breach.
Mitigation Recommendations
Because the vulnerable method is reachable without authentication, the only mitigation that fully closes the exposure until a fix exists is to make /ccapi.php unreachable from untrusted networks. Isolate affected GTB Central Console instances from the internet and restrict access to the management interface to an allowlist of administrative addresses, enforced at the network or reverse-proxy layer rather than inside the application. Inventory all deployments and record the exact version of each; the advisory names 15.17.1-30814.NG, and anything not positively confirmed fixed by the vendor should be treated as affected. Where the console cannot be fully isolated, add a WAF or reverse-proxy rule that blocks requests to /ccapi.php containing SQL metacharacters or referencing setTermsHashAction from non-allowlisted sources, and treat this as a stopgap, since encoding tricks frequently evade signature rules. If custom changes to the PHP code are feasible, replace string-built SQL in setTermsHashAction with prepared statements (PDO or mysqli with bound parameters) and require an authenticated session before the method runs. Monitor web-server and application logs for requests to /ccapi.php, particularly those from unexpected sources or with SQL syntax in the parameters, and alert on any change to the Administrator password hash that does not correspond to a legitimate change. Because the attack overwrites the Administrator password with an attacker-chosen value, an administrator who is suddenly unable to log in is itself a strong indicator of exploitation. If an instance has been reachable from untrusted networks, assume it may have been compromised: rotate the Administrator credential and every credential stored in or issued by the console, review its audit trail and configuration for unauthorized changes, and keep verified backups of configuration and credentials so the instance can be rebuilt. When the vendor publishes a fix, deploy it immediately and re-verify that the endpoint is no longer injectable. Brief security operations staff on the endpoint, the method name and the indicators above so that detection and response are ready.
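As an added example (not from the advisory, the vendor, or the GTB product), the following Python script applies the log-monitoring recommendation above to web-server access logs. It parses combined-format lines, picks out requests to /ccapi.php, flags any that arrive from outside an administrative allowlist, and flags those that reference setTermsHashAction together with SQL metacharacters in the decoded request. The sample log lines are constructed, and the query parameter names `action` and `hash` in them are assumptions: the advisory does not document the request format, so the matching is done on the decoded request target rather than on any particular parameter. POST bodies are not recorded in access logs, so a POST to /ccapi.php can only be judged by its source address.

```python
"""Flag suspicious /ccapi.php requests (CVE-2024-22108) in access logs.

Added example, not the advisory's or vendor's code. Assumes Apache/nginx
"combined" log format. The query parameters 'action' and 'hash' in the
sample are guesses; the advisory does not document the request format.
"""
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote_plus, urlsplit

CONSOLE_ENDPOINT = "/ccapi.php"
VULN_METHOD = "setTermsHashAction"

# Constructed sample traffic, not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:09:14:02 +0000] "GET /ccapi.php?action=setTermsHashAction&hash=abc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:09:14:05 +0000] "GET /ccapi.php?action=setTermsHashAction&hash=x%27%20OR%201%3D1--%20 HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.5.20 - - [10/Jun/2025:09:15:11 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.5.20 - - [10/Jun/2025:09:16:40 +0000] "POST /ccapi.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2025:09:17:00 +0000] "GET /ccapi.php?action=setTermsHashAction&hash=1%3B%20UPDATE%20users%20SET%20password%3D%27x%27 HTTP/1.1" 500 0 "-" "curl/8.0"
"""

# Combined log format: ip ident user [ts] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Crude SQL-injection indicators, applied to the URL-decoded request target.
SQLI_RE = re.compile(
    r"""['"`;]                          # quote or statement terminator
      | -- | /\* | \#                   # comment openers
      | \b(?:or|and)\b \s+ \S+ \s* =    # tautology such as OR 1=1
      | \b(?:union|select|update|insert|delete|sleep|benchmark)\b
    """,
    re.IGNORECASE | re.VERBOSE,
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec, trusted_nets):
    """Return findings for a parsed record; [] means nothing notable.

    untrusted_source - /ccapi.php reached from outside the admin allowlist
    vuln_method      - the request references setTermsHashAction
    sqli_pattern     - ... and the decoded target also carries SQL metacharacters
    """
    if urlsplit(rec["target"]).path != CONSOLE_ENDPOINT:
        return []
    findings = []
    if not any(ip_address(rec["ip"]) in net for net in trusted_nets):
        findings.append("untrusted_source")
    decoded = unquote_plus(rec["target"])
    if VULN_METHOD in decoded:
        findings.append("vuln_method")
        if SQLI_RE.search(decoded):
            findings.append("sqli_pattern")
    return findings


def scan(log_text, trusted_cidrs):
    """Scan log text; return one alert dict per line that produced findings."""
    nets = [ip_network(c) for c in trusted_cidrs]
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        findings = classify(rec, nets)
        if findings:
            alerts.append({
                "ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
                "target": unquote_plus(rec["target"]), "findings": findings,
            })
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(a["ts"], a["ip"], a["method"], ",".join(a["findings"]), a["target"])
```

Run against real logs by replacing SAMPLE_LOG with the file contents and the allowlist with the administrative ranges. Any `sqli_pattern` hit against /ccapi.php is worth an immediate check of the Administrator password hash; `untrusted_source` hits without SQL syntax still show that the endpoint is reachable from where it should not be.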
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-05T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6842df031a426642debc97df
Added to database: 6/6/2025, 12:28:51 PM
Last enriched: 7/7/2025, 6:27:12 PM
Last updated: 7/29/2025, 6:55:44 AM
Related Threats
- CVE-2025-9053: SQL Injection in projectworlds Travel Management System (Medium)
- CVE-2025-9052: SQL Injection in projectworlds Travel Management System (Medium)
- CVE-2025-9019: Heap-based Buffer Overflow in tcpreplay (Low)
- CVE-2025-9017: Cross Site Scripting in PHPGurukul Zoo Management System (Medium)
- CVE-2025-9051: SQL Injection in projectworlds Travel Management System (Medium)