CVERadar

CVE-2024-11944

Medium Severity
SVRS
30/100

CVSSv3
NA/10

EPSS
0.01782/1

CVE-2024-11944 affects iXsystems TrueNAS CORE and allows remote code execution through a directory traversal vulnerability. Specifically, the tarfile.extractall method lacks proper validation of member paths, enabling attackers to manipulate where extracted files are written. With an SVRS of 30, this vulnerability, while not critical, poses a significant risk because network-adjacent attackers can exploit it without authentication to execute arbitrary code as root. This can lead to complete system compromise and data breaches. Addressing CVE-2024-11944 is crucial to prevent unauthorized access and maintain the integrity of TrueNAS systems. Although the CVSS score is 0, the "In The Wild" tag indicates that it has been exploited, and administrators should monitor and patch the vulnerability as soon as possible.
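The missing validation described above is a per-member path check before extraction. The following is an added example (not CVE Radar's, TrueNAS's or Computest's code) showing that check in Python: every archive member's resolved destination, and any symlink or hard-link target, must stay under the extraction directory, otherwise the member is rejected. The archive contents and file names are constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile

def build_constructed_archive() -> bytes:
    """Constructed sample archive: one benign entry, one '..' traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (("safe.txt", b"ok\n"), ("../escape.txt", b"bad\n")):
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def is_within(dest: str, target: str) -> bool:
    """True if target, fully resolved, lies inside dest (or is dest itself)."""
    dest = os.path.realpath(dest)
    target = os.path.realpath(target)
    return os.path.commonpath([dest, target]) == dest

def safe_extractall(tar_bytes: bytes, dest: str):
    """Extract only members whose path and link target stay under dest.

    Returns (accepted, rejected) member names. Python 3.12+ ships the same
    protection as the built-in "data" extraction filter, used here when present.
    """
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            ok = not os.path.isabs(m.name) and is_within(dest, target)
            if ok and m.issym():    # symlink target is relative to the member's directory
                ok = is_within(dest, os.path.join(os.path.dirname(target), m.linkname))
            elif ok and m.islnk():  # hard link target is relative to the archive root
                ok = is_within(dest, os.path.join(dest, m.linkname))
            (accepted if ok else rejected).append(m.name)
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        members = [m for m in tar.getmembers() if m.name in accepted]
        tar.extractall(dest, members=members, **kwargs)
    return accepted, rejected

def demo():
    """Run the check on the constructed archive in a fresh temporary directory."""
    dest = tempfile.mkdtemp()
    accepted, rejected = safe_extractall(build_constructed_archive(), dest)
    return accepted, rejected, os.path.exists(os.path.join(dest, "safe.txt"))
```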

In The Wild
2024-12-30

2024-12-30

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

TrueNAS CORE Vulnerability Let Attackers Execute Remote Code
Divya, 2024-12-31
TrueNAS CORE Vulnerability Let Attackers Execute Remote Code | Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems. The vulnerability, CVE-2024-11944, allows network-adjacent attackers to execute arbitrary code on affected installations without requiring authentication. This discovery was presented during the renowned cybersecurity competition Pwn2Own 2024 […]
gbhackers.com
CVE-2024-11944 | iXsystems TrueNAS tarfile.extractall path traversal (ZDI-24-1643)
vuldb.com, 2024-12-07
CVE-2024-11944 | iXsystems TrueNAS tarfile.extractall path traversal (ZDI-24-1643) | A vulnerability classified as critical has been found in iXsystems TrueNAS. Affected is the function tarfile.extractall. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-11944. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the
vuldb.com
ZDI-24-1643: (Pwn2Own) iXsystems TrueNAS tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
2024-12-06
ZDI-24-1643: (Pwn2Own) iXsystems TrueNAS tarfile.extractall Directory Traversal Remote Code Execution Vulnerability | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-11944.
zerodayinitiative.com

Social Media

Critical TrueNAS CORE Vulnerability: CVE-2024-11944. A critical security vulnerability has been identified in TrueNAS CORE, a widely used open-source network-attached storage (NAS) operating system. Tracked as CVE-2024-11944, this flaw has been assigned a CVSS score of 7.5 and
🚨 A critical vulnerability (CVE-2024-11944) in TrueNAS CORE allows unauthenticated attacks, risking data exfiltration and device compromise. Immediate updates are essential. #TrueNAS #DataBreach #USA #CybersecurityNews link: https://t.co/wqQy7UCGBt https://t.co/WGtmetF9Ed
🗣 CVE-2024-11944: TrueNAS CORE Vulnerability Allows Unauthenticated Attacks https://t.co/sNDcDV158n
CVE-2024-11944 iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arb… https://t.co/deP8zBfrMe

Affected Software

No affected software found for this CVE

References

https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63
https://www.zerodayinitiative.com/advisories/ZDI-24-1643/

CWE Details

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
