CVERadar

CVE-2024-54453

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10 (no CVSS v3 score assigned)
EPSS: 0.00066/1

CVE-2024-54453 is a path traversal vulnerability in Kurmi Provisioning Suite that allows remote attackers to retrieve sensitive files. It affects versions before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. The flaw is in the DocServlet servlet, which can be made to return any file within the Kurmi web application's installation folder, including the application's obfuscated and/or compiled source code. The SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates moderate risk, but remote read access to application internals (deployment descriptors, configuration, compiled classes) exposes intellectual property and gives an attacker material for follow-on attacks, so organizations running affected versions should investigate and update to a patched release promptly. Note that this page tags the CVE "In The Wild", yet its own Exploits section lists no public exploit and the vuldb entry below states that none is available; treat the tag as unconfirmed until corroborated by current threat intelligence.

Tag: In The Wild
Published: 2024-12-27 (updated 2024-12-31)

SOCRadar AI Insight

Description

CVE-2024-54453 is a path traversal vulnerability affecting Kurmi Provisioning Suite versions prior to 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. It allows remote attackers to retrieve arbitrary files from the Kurmi web application installation folder, potentially including sensitive data such as source code. No CVSS v3 score has been assigned (shown as NA above); the SVRS of 30 indicates moderate risk and the need for prompt attention.

Key Insights

  • Exploitability: The page carries an "In The Wild" tag, but no public exploit is listed in the Exploits section below and the vuldb entry reports none; the attack is remote and, per the vendor description, requires only crafted requests to DocServlet, so assume it is trivial to reproduce once the parameter is known.
  • Potential Impact: Successful exploitation discloses files under the web application installation folder, which can include source code, configuration files and deployment descriptors, and potentially embedded credentials. The vulnerability is read-only; it does not by itself modify files.
  • Wide Impact: Three release branches are affected (7.9, 7.10 and 7.11), so most deployments that have not been updated since late 2024 are in scope.
  • Unpatched Versions: Deployments on affected versions remain vulnerable until upgraded; prioritize patching.

Mitigation Strategies

  • Patching: Update to the first fixed release of your branch. For 7.9.x that is 7.9.0.35; for 7.10.x and 7.11.x, move to a release later than 7.10.0.18 or 7.11.0.15 respectively, as listed in the vendor advisory (https://kurmi-software.com/cve/cve-2024-54453/). A 7.10 or 7.11 build is not "later than 7.9.0.35" in the sense that matters here.
  • Network Segmentation: Restrict reachability of the Kurmi web interface, and DocServlet in particular, to the networks and hosts that need it; a provisioning system rarely needs to be exposed to the internet or to general user VLANs.
  • Access Logging and Review: Because this is a file-read flaw, file integrity monitoring on the installation directory will not see exploitation. Instead, keep full request logging (path and query string) on the web tier and review requests to DocServlet for traversal sequences such as ../, ..\, and their URL-encoded or double-encoded forms, treating a 200 response with a non-trivial body as a likely successful read.
  • Web Application Firewall (WAF): A WAF rule blocking traversal sequences in requests to the vulnerable servlet reduces exposure, but it must normalize percent-encoding (including double encoding) before matching, and it is a stopgap, not a substitute for the patch.
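The log review described above, as an added example that is not part of the original page or of Kurmi's own tooling: it scans web-server access log lines for traversal attempts against DocServlet, unwrapping single and double percent-encoding before matching. The log lines are constructed for the example, and the servlet path (/kurmi/DocServlet) and the query parameter name (file) are assumptions; the advisory does not publish the real request format, so adjust SERVLET_PATH to the deployed context path.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Apache/Tomcat combined log format. The servlet
# path and the 'file' parameter are assumptions made for this example.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Dec/2024:10:01:02 +0000] "GET /kurmi/DocServlet?file=guides/admin.pdf HTTP/1.1" 200 48211
203.0.113.10 - - [27/Dec/2024:10:01:09 +0000] "GET /kurmi/DocServlet?file=../../WEB-INF/web.xml HTTP/1.1" 200 3120
198.51.100.7 - - [27/Dec/2024:10:02:15 +0000] "GET /kurmi/DocServlet?file=..%2f..%2fWEB-INF%2fclasses%2fconfig.properties HTTP/1.1" 200 911
198.51.100.7 - - [27/Dec/2024:10:02:18 +0000] "GET /kurmi/DocServlet?file=%252e%252e%252f%252e%252e%252fWEB-INF%252fweb.xml HTTP/1.1" 200 3120
192.0.2.44 - - [27/Dec/2024:10:03:40 +0000] "GET /kurmi/login.jsp HTTP/1.1" 200 1540
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
SERVLET_PATH = "/kurmi/DocServlet"  # assumed; adjust to the deployed context path


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so %2e%2e%2f and
    %252e%252e%252f both end up as '../'."""
    for _ in range(max_rounds):
        once = unquote(value)
        if once == value:
            break
        value = once
    return value


def is_traversal(value: str) -> bool:
    """True if any path segment is '..' after decoding and slash normalisation."""
    normalised = fully_decode(value).replace("\\", "/")
    return any(seg == ".." for seg in normalised.split("/"))


def scan_log(text: str, servlet_path: str = SERVLET_PATH) -> List[Dict[str, object]]:
    """Return one record per log line that sends a traversal sequence to the
    servlet, either in extra path info or in any query-string value."""
    hits: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.startswith(servlet_path):
            continue
        # parse_qsl removes one layer of encoding; fully_decode strips the rest.
        candidates = [parts.path[len(servlet_path):]]
        candidates += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        for value in candidates:
            if is_traversal(value):
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "status": m["status"],
                    "value": fully_decode(value),
                    # A 200 with a body is the signature of a successful read.
                    "served": m["status"] == "200" and m["size"] not in ("0", "-"),
                })
                break
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "SERVED" if hit["served"] else "blocked"
        print(f"{hit['ts']} {hit['ip']:>14} {flag:8} {hit['value']}")
```

Run it against the real access logs from the web tier (Tomcat's AccessLogValve must be configured to record the query string, which it does not by default). The "served" flag is a heuristic: a 200 with a non-empty body means the servlet returned something, which on an unpatched build is the requested file.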


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-54453 | Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18/7.11.0.15 DocServlet path traversal
vuldb.com, 2024-12-27
CVE-2024-54453 | Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18/7.11.0.15 DocServlet path traversal | A vulnerability classified as critical was found in Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18/7.11.0.15. This vulnerability affects unknown code of the component DocServlet. The manipulation leads to path traversal. This vulnerability was named CVE-2024-54453. The attack can be initiated remotely. There is no exploit available. It is recommended

Social Media

CVE-2024-54453 An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the Doc… https://t.co/EqSpVzQgDf

Affected Software

No affected software found for this CVE

References

  • https://kurmi-software.com
  • https://kurmi-software.com/cve/cve-2024-54453/ (vendor advisory)

CWE Details

CWE ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
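The weakness class above, shown as an added example that is not Kurmi's code and not taken from the page: the vulnerable join-and-serve pattern next to the hardened resolver a document-serving endpoint needs (decode, reject absolute paths and NUL bytes, canonicalise, then check containment with a component-wise comparison). It is written in Python to illustrate the check, not in the servlet's own language; the document root /srv/kurmi/docs and the sample file names are assumptions.

```python
import os
from typing import Dict, List, Optional
from urllib.parse import unquote

DOC_ROOT = "/srv/kurmi/docs"  # hypothetical document root for the example


def resolve_unsafe(base_dir: str, requested: str) -> str:
    """The CWE-22 pattern: join user input onto the document root and serve
    whatever that path names. '../' segments walk out of base_dir."""
    return os.path.join(base_dir, requested)


def resolve_safe(base_dir: str, requested: str) -> Optional[str]:
    """Hardened resolution. Returns the canonical path to serve, or None if the
    request must be refused."""
    root = os.path.realpath(base_dir)

    # Decode until stable so %2e%2e%2f and %252e%252e%252f both become '../'.
    decoded = requested
    for _ in range(3):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once

    # NUL bytes truncate paths in C-level APIs; absolute paths would replace
    # the root entirely in os.path.join.
    if "\x00" in decoded or os.path.isabs(decoded):
        return None

    # realpath collapses '..' and follows symlinks, so a symlink planted inside
    # the root that points outside it is also caught by the containment check.
    candidate = os.path.realpath(os.path.join(root, decoded))

    # commonpath compares whole components: /srv/kurmi/docs-old is rejected
    # even though it shares a string prefix with /srv/kurmi/docs.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def classify(requests: List[str], base_dir: str = DOC_ROOT) -> Dict[str, Optional[str]]:
    """Map each requested name to the path the hardened resolver would serve,
    or None where it would refuse."""
    return {r: resolve_safe(base_dir, r) for r in requests}


if __name__ == "__main__":
    samples = [
        "guides/admin.pdf",
        "../../WEB-INF/web.xml",
        "..%2f..%2fWEB-INF%2fweb.xml",
        "%252e%252e%252fWEB-INF%252fweb.xml",
        "../docs-old/notes.txt",
        "/etc/passwd",
    ]
    print("unsafe join:", resolve_unsafe(DOC_ROOT, samples[1]))
    for name, resolved in classify(samples).items():
        print(f"{'ALLOW' if resolved else 'DENY ':5} {name!r} -> {resolved}")
```

The order matters: decoding must happen before canonicalisation, and the containment check must run on the canonical path, not on the raw input. A servlet that only strips the literal string "../" from the parameter still lets "....//" or an encoded form through, which is the kind of incomplete neutralisation CWE-22 describes.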
