Exploit
CVE-2024-10379

Path Traversal: '../filedir' (CWE-24)

Published: Oct 25, 2024 / Updated: 25d ago

CVSS 5.3 / EPSS 0.05% / Medium

Summary

A path traversal vulnerability has been identified in ESAFENET CDG 5, specifically in the actionViewDecyptFile function of the /com/esafenet/servlet/client/DecryptApplicationService.java file. This vulnerability allows an attacker to manipulate the decryptFileId argument with the input "../../../Windows/System32/drivers/etc/hosts", potentially leading to unauthorized access to files outside the intended directory.

Impact

This vulnerability has a high severity impact on confidentiality. An attacker can exploit this flaw to access sensitive files on the system, potentially leading to unauthorized disclosure of critical information. The attack can be launched remotely, increasing its potential reach and impact. Given the nature of path traversal vulnerabilities, an attacker could potentially access configuration files, system files, or other sensitive data stored on the server, which could lead to further compromise of the system or network.

Exploitation

One proof-of-concept exploit is available on flowus.cn. There is no evidence of exploitation at the moment.

Patch

As of now, there is no mention of an available patch for this vulnerability. The vendor, ESAFENET, was contacted about this disclosure but did not respond, suggesting that a patch may not be immediately available.

Mitigation

In the absence of a patch, the following mitigation strategies are recommended:

1. Implement strict input validation for the decryptFileId parameter in the actionViewDecyptFile function, rejecting any input containing path traversal sequences.
2. Use a whitelist of allowed file paths or implement a chroot environment to restrict file access.
3. Apply the principle of least privilege to the application, limiting its access to only necessary files and directories.
4. Consider implementing additional access controls or file integrity monitoring to detect and prevent unauthorized file access.
5. If possible, temporarily disable the vulnerable function until a proper fix can be applied.
6. Monitor for any suspicious activity or unauthorized access attempts targeting the vulnerable component.
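
Added example, not ESAFENET's code: one way to apply mitigations 1 and 2 in Java, checking decryptFileId against an allowlist pattern and then confirming that the resolved real path stays inside the storage directory. The class name DecryptFileResolver, the ID pattern and the temporary storage directory are assumptions for illustration; the product's actual ID format is not given on this page.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class DecryptFileResolver {
    // Assumed ID format: a single file name, no separators, no leading dot.
    private static final Pattern SAFE_ID =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}");

    private final Path baseDir;

    public DecryptFileResolver(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical base for prefix checks
    }

    /** Returns the real path for an ID, or throws if it is unsafe or missing. */
    public Path resolve(String decryptFileId) throws IOException {
        // Mitigation 1: allowlist the ID instead of blocklisting "../".
        if (decryptFileId == null || !SAFE_ID.matcher(decryptFileId).matches()) {
            throw new SecurityException("decryptFileId has an invalid format");
        }
        // Mitigation 2: resolve, follow symlinks, then confirm containment.
        Path real = baseDir.resolve(decryptFileId).toRealPath();
        if (!real.startsWith(baseDir)) {
            throw new SecurityException("decryptFileId resolves outside the store");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample store containing one file.
        Path store = Files.createTempDirectory("decrypt-store");
        Files.writeString(store.resolve("report-001.bin"), "constructed sample");
        DecryptFileResolver resolver = new DecryptFileResolver(store);
        String[] inputs = {
            "report-001.bin",                               // valid ID
            "../../../Windows/System32/drivers/etc/hosts",  // input from the advisory
            "missing-002.bin"                               // well-formed but absent
        };
        for (String id : inputs) {
            try {
                System.out.println("ALLOW " + id + " -> " + resolver.resolve(id).getFileName());
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + id + " (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```

The containment check after toRealPath() is kept even though the pattern already excludes separators, so a symlink placed inside the store cannot redirect a well-formed ID elsewhere.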

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment
NVD published the first details for CVE-2024-10379
Oct 25, 2024 at 12:15 PM

First Article
Feedly found the first article mentioning CVE-2024-10379.
Oct 25, 2024 at 12:19 PM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 25, 2024 at 12:19 PM

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.6%)
Oct 26, 2024 at 10:49 AM

CVSS
A CVSS base score of 7.5 has been assigned.
Oct 30, 2024 at 6:55 PM / nvd

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Oct 30, 2024 at 9:10 PM

Affected Systems

Esafenet/cdg

Exploits

https://flowus.cn/share/0b03c61a-76a5-4f45-9ee7-a88e0f21d539?code=G8A6P3

Attack Patterns

CAPEC-126: Path Traversal

News

CVE-2024-10379 Exploit
CVE Id : CVE-2024-10379 Published Date: 2024-10-30T18:54:00+00:00 A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way.
CVE Alert: CVE-2024-10379 - https://www.redpacketsecurity.com/cve_alert_cve-2024-10379/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_10379
CVE-2024-10379
Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. Severity 3.1 (CVSS 3.1 Base Score)
NA - CVE-2024-10379 - A vulnerability classified as problematic was...
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file...
Vulnerability in CDG 5 Allows Path Traversal and Remote Code Execution
Esafenet - MEDIUM - CVE-2024-10379 A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
