"Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies"

According to security researchers at Oligo, a series of critical vulnerabilities affecting a tool called TorchServe could allow threat actors to take complete control of servers that are part of the artificial intelligence (AI) infrastructure of some of the world’s largest companies. TorchServe is an open-source package in PyTorch, a machine learning framework used for applications such as computer vision and natural language processing. The researchers noted that PyTorch is currently part of the Linux Foundation and has received significant contributions from Meta (its original developer) and AWS. TorchServe is used by organizations worldwide, with more than 30,000 PyPI downloads every month and over one million Docker Hub pulls. It is used by major companies such as Amazon, Google, Intel, Microsoft, Tesla and Walmart.

The researchers found that TorchServe is affected by three vulnerabilities, two of which have been assigned a ‘critical severity’ rating. Only one CVE identifier has been assigned, CVE-2023-43654. One of the issues is a default misconfiguration that leaves the TorchServe management interface exposed to remote access without authentication. The other two vulnerabilities can be exploited for remote code execution, one through server-side request forgery (SSRF) and the other through unsafe deserialization. Using a simple IP scanner, the researchers were able to identify tens of thousands of instances that could be vulnerable to attack, including many belonging to Fortune 500 companies.
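The following configuration audit is an editorial example added here, not code from Oligo, SecurityWeek or the TorchServe project. It flags the exposure class the researchers describe, a management API bound to a non-loopback address with no authentication, and additionally checks whether the model-source allow-list would let the server fetch a model from an arbitrary external host. It assumes that `management_address`, `metrics_address` and `allowed_urls` are TorchServe `config.properties` keys; the weak and hardened configurations and the probe URL are constructed samples.

```python
"""Audit a TorchServe config.properties for the exposure discussed above.

Editorial example, not code from TorchServe, Oligo or SecurityWeek.
Assumptions (labelled): the keys management_address, metrics_address and
allowed_urls are TorchServe's own config.properties keys; the two sample
configurations and the probe URL below are constructed for this example.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: management API on all interfaces, any model source allowed.
WEAK_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
metrics_address=http://0.0.0.0:8082
allowed_urls=file://.*|http(s)?://.*
"""

# Constructed sample: management and metrics pinned to loopback,
# models may only be registered from a local directory.
HARDENED_CONFIG = """\
inference_address=http://0.0.0.0:8080
management_address=http://127.0.0.1:8081
metrics_address=http://127.0.0.1:8082
allowed_urls=file:///opt/models/.*
"""

# Constructed probe: a model URL on an arbitrary external host (TEST-NET range).
EXTERNAL_PROBE_URL = "http://203.0.113.9/model.mar"


def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def is_loopback(host):
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def pattern_allows_external(pattern):
    """Does this allowed_urls regex accept a model URL on an arbitrary host?"""
    try:
        return re.fullmatch(pattern, EXTERNAL_PROBE_URL) is not None
    except re.error:
        return True  # an unparsable pattern is reported rather than trusted


def audit(text):
    """Return a list of findings (an empty list means nothing was flagged)."""
    props = parse_properties(text)
    findings = []

    # 1. The management API (register/unregister models) carries no
    #    authentication, so any non-loopback bind exposes it to the network.
    for key in ("management_address", "metrics_address"):
        value = props.get(key)
        if value is None:
            findings.append(f"{key}: not set explicitly; pin it to a loopback address")
            continue
        host = urlsplit(value).hostname
        if not is_loopback(host):
            findings.append(f"{key}: bound to {host}, reachable remotely without authentication")

    # 2. allowed_urls is the allow-list of sources a model may be fetched from
    #    when registered by URL; a wildcard lets the server fetch from any host.
    allowed = props.get("allowed_urls")
    if allowed is None:
        findings.append("allowed_urls: not set; restrict model sources explicitly")
    else:
        for pattern in (p.strip() for p in allowed.split(",") if p.strip()):
            if pattern_allows_external(pattern):
                findings.append(f"allowed_urls: pattern {pattern!r} allows models from any host")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or 'no findings'}")
```

Run against the weak sample, `audit()` reports the management and metrics binds and the wildcard allow-list; the hardened sample produces no findings. The inference address is deliberately not checked, since that endpoint is the one meant to be reachable by clients; the point is to keep the unauthenticated management plane off the network and to make model fetching an explicit allow-list rather than a wildcard.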


SecurityWeek reports: "Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies"

Submitted by Adam Ekwall on