CVE-2024-34883 is a security vulnerability identified in the 1C-Bitrix Bitrix24 collaboration platform, specifically version 23.300.100. The issue arises from insufficient protection of credentials stored within the DAV (Distributed Authoring and Versioning) server settings. This weakness allows remote administrators to extract proxy-server account passwords by sending crafted HTTP GET requests to the vulnerable server. The vulnerability is classified under CWE-522, which pertains to insufficiently protected credentials. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H) and no user interaction (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The confidentiality impact is high (C:H), while integrity and availability impacts are none (I:N, A:N). This means that while attackers cannot modify or disrupt services, they can obtain sensitive proxy credentials, potentially enabling further unauthorized access or lateral movement within the network. The vulnerability was reserved in May 2024 and published in November 2024. No patches or known exploits have been reported at the time of publication. The lack of patch links suggests that remediation may require vendor updates or configuration changes. The vulnerability's medium severity score of 6.8 reflects the balance between the high confidentiality impact and the requirement for privileged access, limiting the ease of exploitation to administrators only.

The primary impact of CVE-2024-34883 is the disclosure of proxy-server account passwords to remote administrators who can send HTTP GET requests to the DAV server settings. This credential exposure can lead to unauthorized use of proxy accounts, enabling attackers to intercept, redirect, or manipulate network traffic. Organizations relying on Bitrix24 for collaboration and proxy infrastructure may face increased risk of lateral movement, data exfiltration, or further compromise if these credentials are abused. Although exploitation requires high privileges, insider threats or compromised administrator accounts could leverage this vulnerability to escalate access or evade detection. The confidentiality breach could also undermine trust in the affected systems and lead to compliance violations if sensitive network credentials are exposed. Since integrity and availability are not affected, direct service disruption is unlikely, but the indirect consequences of credential theft can be severe. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once the vulnerability details become widely known.

To mitigate CVE-2024-34883, organizations should first verify if they are running the affected Bitrix24 version (23.300.100) with DAV server proxy settings configured. Immediate steps include restricting remote administrator access to the DAV server interface through network segmentation, firewall rules, or VPNs to limit exposure. Administrators should audit and rotate proxy-server account passwords to reduce the risk of credential reuse. Monitoring and logging of HTTP GET requests to the DAV server can help detect suspicious access patterns indicative of exploitation attempts. Until an official patch or update is released by 1C-Bitrix, consider disabling or limiting DAV server proxy features if feasible. Employing multi-factor authentication (MFA) for administrator accounts can reduce the risk of privilege misuse. Finally, maintain up-to-date backups and incident response plans to quickly respond to any compromise stemming from this vulnerability.