CVE-2024-6445

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Sep 6, 2024 / Updated: 2mo ago

CVSS 10 / EPSS 0.04% / Critical

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX versions before v3.5.0.

Impact

This vulnerability has a CVSS v4 base score of 10.0, which is the highest possible severity (CRITICAL). The attack vector is network-based, with low attack complexity and no user interaction required. It affects the confidentiality, integrity, and availability of both the vulnerable and subsequent systems, all rated as HIGH. This means an attacker could potentially access, modify, or destroy sensitive data, compromise system integrity, and disrupt services on both the directly affected system and connected systems.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability affects DataDiodeX versions before v3.5.0, implying that upgrading to version 3.5.0 or later would resolve this issue.

Mitigation

1. Immediately update DataDiodeX to version 3.5.0 or later.
2. If immediate patching is not possible, implement strict input validation and sanitization for all user-supplied input that could be used in file system operations.
3. Apply the principle of least privilege to limit the potential impact of successful exploits.
4. Use network segmentation to isolate systems running vulnerable versions of DataDiodeX.
5. Monitor for suspicious activities that might indicate attempted or successful path traversal attacks.
6. Regularly audit and review file system permissions to ensure they are appropriately restrictive.
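As an added illustration of mitigation step 2 (this is not DataDiodeX code; the advisory does not describe the product's file-handling API, so `resolve_within` and the base directory are hypothetical), the check below canonicalizes a user-supplied relative path and confirms it stays inside the intended directory. It rejects the usual CWE-22 variants: `..` segments, percent-encoded and double-encoded dots, backslash separators, absolute paths, embedded NUL bytes, and sibling-directory prefix confusion that a naive `startswith` check would miss.

```python
import os
import urllib.parse
from typing import Optional

# Hypothetical restricted directory; any path resolved by resolve_within must stay under it.
BASE_DIR = "/var/lib/datadiodex/inbox"


def resolve_within(base_dir: str, user_path: str) -> Optional[str]:
    """Return the canonical absolute path of user_path inside base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)

    # Decode percent-encoding twice (defensive choice) so %2e%2e and %252e%252e both become '..'
    decoded = user_path
    for _ in range(2):
        decoded = urllib.parse.unquote(decoded)

    # Normalise Windows-style separators so '..\\..\\' is not overlooked on POSIX hosts
    decoded = decoded.replace("\\", "/")

    # NUL bytes truncate paths in C-based file APIs; never pass them on
    if "\x00" in decoded:
        return None

    # Only relative paths are acceptable; os.path.join would discard base for an absolute input
    if os.path.isabs(decoded):
        return None

    # realpath collapses '..' and follows symlinks, so the containment test sees the real target
    candidate = os.path.realpath(os.path.join(base, decoded))

    # commonpath compares whole path components, so '/x/inbox2' is not accepted as being under '/x/inbox'
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_safe(user_path: str) -> bool:
    """Convenience wrapper over resolve_within for BASE_DIR."""
    return resolve_within(BASE_DIR, user_path) is not None
```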

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

Sep 6, 2024 at 2:15 PM: CVE Assignment. NVD published the first details for CVE-2024-6445.

Sep 6, 2024 at 2:20 PM (nvd): CVSS. A CVSS base score of 10 has been assigned.

Sep 6, 2024 at 2:21 PM (National Vulnerability Database): First Article. Feedly found the first article mentioning CVE-2024-6445.

Sep 6, 2024 at 2:21 PM: CVSS Estimate. Feedly estimated the CVSS score as MEDIUM.

Sep 7, 2024 at 9:23 AM: EPSS. EPSS Score was set to 0.04% (Percentile: 11.1%).

Sep 12, 2024 at 4:15 PM (nvd): CVSS. A CVSS base score of 7.5 has been assigned.

Affected Systems

Dataflowx/datadiodex

Attack Patterns

CAPEC-126: Path Traversal

News

cveNotify: 🚨 CVE-2024-6445. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7. 🎖@cveNotify
CVE-2024-6445
High Severity. Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: before v3.5.0. Read more at https://www.tenable.com/cve/CVE-2024-6445
NA - CVE-2024-6445 - Improper Limitation of a Pathname to a...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: before...
CVE-2024-6445 - DataFlowX Technology DataDiodeX Path Traversal Vulnerability
CVE ID: CVE-2024-6445. Published: Sept. 6, 2024, 2:15 p.m. Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: before v3.5.0. Severity: 0.0
CVE-2024-6445
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
