Lucene search

TwcertCVE-2024-7694

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-7694

2024-08-1213:38:58

CWE-434

twcert

web.nvd.nist.gov

threatsonar

anti-ransomware

arbitrary file upload

teamt5

remote attackers

administrator privileges

system command execution

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.

Affected configurations

Nvd

Node

teamt5threatsonar_anti-ransomwareRange<3.5.0

VendorProductVersionCPE
teamt5threatsonar_anti-ransomware*cpe:2.3:a:teamt5:threatsonar_anti-ransomware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
teamt5	threatsonar_anti-ransomware	*	cpe:2.3:a:teamt5:threatsonar_anti-ransomware::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ThreatSonar Anti-Ransomware",
    "vendor": "TeamT5",
    "versions": [
      {
        "lessThanOrEqual": "3.4.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html

www.twcert.org.tw/tw/cp-132-7998-d76dd-1.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for CVE-2024-7694