CVERadar

CVE-2024-36415

Critical Severity

Salesagility

SVRS

77/100

CVSSv3

8.8/10

EPSS

0.01143/1

CVE-2024-36415 is a critical remote code execution vulnerability affecting SuiteCRM. This flaw stems from inadequate verification of uploaded files, potentially allowing attackers to execute arbitrary code on the server. While the CVSS score is 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 77, indicating a significant and near-critical risk demanding close attention. Though not exceeding the threshold of 80 for immediate action, the exploitability of this vulnerability is high. Upgrade to versions 7.14.4 or 8.6.1 to mitigate the risk. Failure to patch could lead to compromised systems and data breaches. The presence of CWE-434 further underscores the dangerous nature of unrestricted file uploads.

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:L

UI:N

S:U

C:H

I:H

A:H

PUBLICATION DATE2024-06-10

LAST MODIFIED2024-06-12

SOCRadar

AI Insight

Description

CVE-2024-36415 is a critical vulnerability in SuiteCRM, an open-source CRM software application. It allows for remote code execution due to insufficient verification of uploaded files. The CVSS score of 9.1 indicates the high severity of this vulnerability, while the SVRS of 38 suggests a moderate level of risk.

Key Insights

Remote Code Execution: This vulnerability allows attackers to execute arbitrary code on vulnerable systems, potentially leading to complete system compromise.
Widely Used Software: SuiteCRM is a popular CRM software with a large user base, making it a prime target for exploitation.
Active Exploits: Active exploits have been published for this vulnerability, indicating that it is actively being targeted by attackers.

Mitigation Strategies

Update Software: Install the latest version of SuiteCRM (7.14.4 or 8.6.1) to patch the vulnerability.
Restrict File Uploads: Implement strict file upload policies to prevent untrusted users from uploading malicious files.
Use a Web Application Firewall (WAF): Deploy a WAF to block malicious requests and protect against exploitation attempts.
Monitor for Suspicious Activity: Regularly monitor logs and security alerts for any suspicious activity that may indicate an exploitation attempt.

Additional Information

Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
In the Wild: This vulnerability is actively exploited by hackers.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-36415 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 unrestricted upload (GHSA-c82f-58jv-jfrh)

vuldb.com2024-06-10

CVE-2024-36415 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 unrestricted upload (GHSA-c82f-58jv-jfrh) | A vulnerability classified as problematic was found in SalesAgility SuiteCRM up to 7.14.3/8.6.0. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-36415. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

cve-2024-36415

domains

urls

cves

Social Media

CRAC Learning - Tech

@cracbot

2024-06-15

CVE-2024-36415 (CVSS:8.8, HIGH) is Analyzed. SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6..https://t.co/IwpAC7BUkL #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

CVEFind.com

@CveFindCom

2024-06-10

[CVE-2024-36415: 9.1/CRITICAL] Attention SuiteCRM users! Vulnerability in versions prior to 7.14.4 & 8.6.1 lets remote attackers execute code. Make sure to update to versions 7.14.4 or 8.6.1 for a fix. #cybersecurity https://t.co/XblmD8dN3v

CVE

@CVEnew

2024-06-10

CVE-2024-36415 SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verificat… https://t.co/K1khxQ5pmK

Affected Software

Configuration 1

Type	Vendor	Product
App	Salesagility	suitecrm

References

Reference	Link
[email protected]	https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh

CWE Details

CWE ID	CWE Name	Description
CWE-98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in require, include, or similar functions.
CWE-434	Unrestricted Upload of File with Dangerous Type	The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence