CVE-2024-11312

Relative Path Traversal (CWE-23)

Published: Nov 18, 2024 / Updated: 1d ago

010
CVSS 9.8EPSS 0.09%Critical
CVE info copied to clipboard

Summary

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Impact

This vulnerability has a severe impact on the affected systems. Unauthenticated remote attackers can exploit this flaw to upload arbitrary files to any directory on the target system. This can lead to arbitrary code execution, typically through the upload of malicious webshells. The potential consequences include: 1. Complete system compromise: Attackers can gain full control over the affected server. 2. Data breach: Unauthorized access to sensitive information stored on the server. 3. Service disruption: Potential to manipulate or destroy critical system files. 4. Lateral movement: Use of the compromised system as a stepping stone to attack other parts of the network. The vulnerability is particularly dangerous due to its network-based attack vector, requiring no user interaction or privileges, and affecting the confidentiality, integrity, and availability of the system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

As of the current information provided, there is no mention of an available patch for this vulnerability. The security team should monitor official TRCore communications and security advisories for updates on patching information.

Mitigation

While awaiting an official patch, consider implementing the following mitigation strategies: 1. Network segmentation: Restrict network access to the affected DVC components. 2. Implement strict input validation: Enforce rigorous file type and content checks for all file uploads. 3. Use Web Application Firewall (WAF): Configure rules to detect and block potential path traversal and unrestricted file upload attempts. 4. Principle of least privilege: Ensure the DVC service runs with minimal necessary permissions. 5. Regular security audits: Conduct frequent scans and penetration tests to identify and address similar vulnerabilities. 6. Monitor system activity: Implement robust logging and monitoring to detect any suspicious file operations or unauthorized access attempts. 7. Backup critical data: Ensure regular backups are in place to mitigate potential data loss from successful attacks. Given the severity of this vulnerability, it is crucial to prioritize these mitigation efforts while actively seeking updates for a permanent fix from TRCore.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-11312

Nov 18, 2024 at 7:15 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Nov 18, 2024 at 7:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-11312. See article

Nov 18, 2024 at 7:27 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 18, 2024 at 7:27 AM
EPSS

EPSS Score was set to: 0.09% (Percentile: 40.3%)

Nov 19, 2024 at 9:42 AM
Static CVE Timeline Graph

Links to Mitre Att&cks

T1574.010: Services File Permissions Weakness
+null more

Attack Patterns

CAPEC-139: Relative Path Traversal
+null more

News

Critical - CVE-2024-11312 - The DVC from TRCore has a Path Traversal...
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...
CVE-2024-11312 | TRCore DVC up to 6.3 path traversal
A vulnerability was found in TRCore DVC up to 6.3 . It has been rated as very critical . Affected by this issue is some unknown functionality. The manipulation leads to relative path traversal. This vulnerability is handled as CVE-2024-11312 . The attack may be launched remotely. There is no exploit available.
CVE-2024-11312 - TRCore DVC Path Traversal and Arbitrary Code Execution November 18, 2024 at 07:15AM https:// ift.tt/6v3quAE # CVE # IOC # CTI # ThreatIntelligence # ThreatIntel # Cybersecurity # Recon
TRCore DVC - Arbitrary File Upload through Path Traversal
Trcore - CRITICAL - CVE-2024-11312 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11312 - TRCore DVC Path Traversal and Arbitrary Code Execution
CVE ID : CVE-2024-11312 Published : Nov. 18, 2024, 7:15 a.m. 45 minutes ago Description : The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. Severity: 9.8
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI