CVERadar

CVE-2024-45720

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00079/1

CVE-2024-45720 is a command injection vulnerability affecting Subversion on Windows platforms. This flaw allows for the execution of arbitrary commands via specially crafted command line arguments due to improper character encoding conversion.

The vulnerability impacts all Subversion versions up to and including 1.14.3. Successful exploitation could lead to unauthorized access and control of the affected system.

While the CVSS score is 0, indicating a low base score, the SOCRadar Vulnerability Risk Score (SVRS) is 30. Although not critical (SVRS > 80), this suggests that the vulnerability is being discussed and potentially exploited, indicated by "In The Wild" tag. Users of Subversion on Windows are strongly advised to upgrade to version 1.14.4 to mitigate the security risk. Subversion installations on UNIX-like systems are not affected. The root cause, CWE-78, highlights the danger of improper input validation.

TAGS

In The Wild

VECTOR STRING

PUBLICATION DATE2024-10-09

LAST MODIFIED2024-10-10

SOCRadar

AI Insight

Description

CVE-2024-45720 is a vulnerability in Subversion on Windows platforms that allows for argument injection and execution of other programs when a specially crafted command line argument string is processed. This vulnerability has a CVSS score of 8.2, indicating a high severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) is 42, indicating a moderate risk level. This difference in scoring is due to the SVRS incorporating additional vulnerability intelligence elements, such as social media, news, and dark web data, which provide a more comprehensive view of the threat landscape.

Key Insights

Exploit Status: Active exploits have been published.
Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
In the Wild: There is no evidence that this vulnerability is being actively exploited in the wild.

Mitigation Strategies

Upgrade to Subversion version 1.14.4 or later.
Implement input validation and sanitization mechanisms to prevent the execution of arbitrary commands.
Use a web application firewall (WAF) to block malicious requests.
Monitor logs for suspicious activity and investigate any anomalies promptly.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-45720 | Apache Subversion up to 1.14.3 on Windows Command Line argument injection (Nessus ID 213027)

vuldb.com2024-12-15

CVE-2024-45720 | Apache Subversion up to 1.14.3 on Windows Command Line argument injection (Nessus ID 213027) | A vulnerability classified as critical has been found in Apache Subversion up to 1.14.3 on Windows. Affected is an unknown function of the component Command Line Handler. The manipulation leads to argument injection. This vulnerability is traded as CVE-2024-45720. Attacking locally is a requirement. There

vuldb.com

rss

forum

news

Tageszusammenfassung - 11.10.2024

CERT.at2024-12-02

Tageszusammenfassung - 11.10.2024 | End-of-Day report Timeframe: Donnerstag 10-10-2024 18:00 - Freitag 11-10-2024 18:00 Handler: Robert Waldner Co-Handler: n/a News Akira and Fog ransomware now exploit critical Veeam RCE flaw Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. https://www.bleepingcomputer.com/news/security/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw/ Digitaler

cert.at

rss

forum

news

CVE-2024-45720: Apache Subversion: Command line argument injection on Windows platforms

2024-10-08

CVE-2024-45720: Apache Subversion: Command line argument injection on Windows platforms | Posted by Stefan Sperling on Oct 08I am happy to announce the release of Apache Subversion 1.14.4. This is a stable bugfix and security release of the Apache Subversion open source version control system. Among regular bug fixes, this release fixes CVE-2024-45720: Subversion command line argument injection on Windows platforms On Windows

seclists.org

rss

forum

news

Social Media

Nicolas Krassas

@Dinosn

2024-10-10

CVE-2024-45720: Code Execution Flaw Discovered in Apache Subversion for Windows https://t.co/sp4CKAMTI8

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://subversion.apache.org/security/CVE-2024-45720-advisory.txt

CWE Details

CWE ID	CWE Name	Description
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence