CVE-2024-37779

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Sep 23, 2024 / Updated: 57d ago

CVSS: 8.8 (High) / EPSS: 0.04%

Summary

WoodWing Elvis DAM v6.98.1 contains an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. This vulnerability is associated with CWE-94 (Improper Control of Generation of Code) and CWE-75 (Failure to Sanitize Special Elements into a Different Plane).

Impact

This vulnerability allows an authenticated attacker to execute arbitrary commands remotely on the affected system. Given the CVSS v3.1 base score of 8.8 (High severity), the impact is significant. The vulnerability affects all three core security properties (confidentiality, integrity, and availability), each with a high impact rating. Attackers can potentially access sensitive information, modify system data, or disrupt system operations. The attack vector is network-based, attack complexity is low, only low privileges (an authenticated account) are required, and no user interaction is needed, making it relatively easy to exploit once an attacker holds valid credentials.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is no evidence of exploitation in the wild at the moment.

Patch

The information provided does not mention an available patch. The security team should monitor WoodWing for a patched version of Elvis DAM that addresses this vulnerability.

Mitigation

While waiting for an official patch, the security team should consider the following mitigation strategies:

1. Limit network access to the WoodWing Elvis DAM system, especially from untrusted networks.
2. Implement strong authentication mechanisms and review user privileges to enforce the principle of least privilege.
3. Monitor and audit all activities related to the Apache Ant script functionality within WoodWing Elvis DAM.
4. If possible, disable or restrict access to the Apache Ant script functionality until a patch is available.
5. Implement network segmentation to isolate the affected systems.
6. Regularly monitor for any suspicious activities or unauthorized changes in the system.
7. Keep all related systems and software up to date with the latest security patches.
8. Consider implementing additional security controls, such as a Web Application Firewall (WAF), to help detect and prevent potential exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-37779

Sep 23, 2024 at 8:15 PM
First Article

Feedly found the first article mentioning CVE-2024-37779.

Sep 23, 2024 at 8:21 PM / National Vulnerability Database
CVSS

A CVSS base score of 5.7 has been assigned.

Sep 23, 2024 at 8:40 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 24, 2024 at 9:33 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Sep 27, 2024 at 2:40 PM / nvd

Links to MITRE ATT&CK

T1070: Indicator Removal on Host

Attack Patterns

CAPEC-242: Code Injection

News

Vulnerability Summary for the Week of September 23, 2024
High Vulnerabilities (columns: Primary Vendor – Product; Description; Published; CVSS Score; Source Info; Patch Info)

Dover Fueling Solutions (DFS) – ProGauge MAGLINK LX CONSOLE: A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. Published 2024-09-25; CVSS 10; CVE-2024-43693; source: ics-cert@hq.dhs.gov

Dover Fueling Solutions (DFS) – ProGauge MAGLINK LX CONSOLE: A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. Published 2024-09-25; CVSS 10; CVE-2024-45066; source: ics-cert@hq.dhs.gov

webdevmattcrom – GiveWP Donation Plugin and Fundraising Platform: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932; however, it was discovered that the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2. Published 2024-09-28; CVSS 10; CVE-2024-8353; source: security@wordfence.com

Scriptcase – Scriptcase: Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input. Published 2024-09-25; CVSS 10; CVE-2024-8940; source: cve-coordination@incibe.es

n/a – n/a: File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
CVE Alert: CVE-2024-37779 - https://www.redpacketsecurity.com/cve_alert_cve-2024-37779/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_37779
CVE Alert: CVE-2024-37779
No affected endpoints listed.
CVE-2024-37779
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. CVE-2024-37779 originally published on CyberSecurityBoard

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
