CVERadar

CVE-2024-34521

Medium Severity
SVRS: 38/100
CVSSv3: 3.5/10
EPSS: 0.00048/1

CVE-2024-34521: Directory traversal vulnerability in Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, enables unauthorized file access. This flaw permits an administrative user to access sensitive system files with the elevated privileges of the system user running the application. While the CVSS score is 3.5, indicating low severity, the SOCRadar Vulnerability Risk Score (SVRS) of 38 suggests a slightly elevated risk profile. The vulnerability allows attackers to read arbitrary files. This could result in the disclosure of sensitive information such as configuration files or credentials. Despite not being critically severe (SVRS below 80), the potential for information disclosure makes it a notable risk. Mitigation is advised to prevent potential misuse.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
2025-02-12

2025-02-20
SOCRadar
AI Insight

Description

CVE-2024-34521 is a directory traversal vulnerability found in Mavenir SCE Application Provisioning Portal version PORTAL-LBS-R_1_0_24_0. This flaw enables an authenticated administrative user to access sensitive system files with the privileges of the system user running the application. The SOCRadar Vulnerability Risk Score (SVRS) for this CVE is 38.

Key Insights

  • Privileged Access: The directory traversal allows an attacker with administrative privileges to bypass intended access restrictions and view system files as if they were the system user. This can lead to the disclosure of sensitive information, including configuration files, credentials, and internal code.
  • Internal Threat Focus: The vulnerability is exploitable by administrative users, indicating a potential risk from malicious insiders or compromised administrator accounts.
  • Limited Severity per SVRS: While the vulnerability exists, the SVRS score of 38 suggests the risk is not critical. The primary factors contributing to this score likely include the requirement for administrative access and the lack of active exploitation in the wild.
  • No public information indicates active exploits of the vulnerability, specific threat actors or APT groups exploiting it, CISA warnings, or use in the wild.

Mitigation Strategies

  1. Input Validation and Sanitization: Implement robust input validation and sanitization techniques in the Mavenir SCE Application Provisioning Portal to prevent directory traversal attacks. This includes carefully validating user-supplied file paths and preventing the use of characters like ".." that allow traversal to parent directories.
  2. Least Privilege Principle: Review and enforce the principle of least privilege for administrative users. Restrict their access to only the files and directories necessary for their roles. Regularly audit access controls.
  3. Update to a Patched Version: Check the availability of newer versions of Mavenir SCE Application Provisioning Portal. Update to a patched version as soon as it is released by the vendor to remediate the vulnerability.
  4. Internal Threat Detection: Implement monitoring and alerting mechanisms to detect suspicious activity by administrative users. This could include monitoring access to sensitive system files or unusual patterns of file access.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-34521 | Mavenir SCE Application Provisioning Portal 1_0_24_0 File Permission path traversal
vuldb.com, 2025-02-13
A vulnerability was found in Mavenir SCE Application Provisioning Portal 1_0_24_0. It has been classified as critical. This affects an unknown part of the component File Permission Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-34521. Access to

Social Media

CVE-2024-34521 A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to a… https://t.co/3GYxFJmBPB

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://github.com/whitewhale-dmb/Vulnerability-Research/tree/main/CVE-2024-34521

CWE Details

No CWE details found for this CVE
