CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-57785

High Severity
SVRS
49/100
CVSSv3
4.9/10
EPSS
0.0592/1

CVE-2024-57785: Local File Inclusion vulnerability in Zenitel AlphaWeb XE v11.2.3.10. Discovered in amc_uploads.php, this vulnerability allows attackers to include local files, potentially leading to sensitive information disclosure. With a SOCRadar Vulnerability Risk Score (SVRS) of 49, this vulnerability requires monitoring and further assessment to determine the potential impact on your systems. Although the CVSS score is 4.9, indicating a medium severity, the SVRS provides a more nuanced view of the real-world risk. Successful exploitation could allow unauthorized access to configuration files, source code, or other sensitive data stored on the server. Immediate patching is advised for systems running vulnerable versions of AlphaWeb XE. Protect your systems from potential attacks. Given the 'In The Wild' tag, monitor for potential exploitation attempts.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:H
UI:N
S:U
C:H
I:N
A:N
PUBLICATION DATE2025-01-16
LAST MODIFIED2025-02-04
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-57785 affects Zenitel AlphaWeb XE v11.2.3.10 and allows attackers to exploit a local file inclusion vulnerability via the amc_uploads.php component. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 38, signifying a moderate vulnerability requiring attention. The vulnerability has been observed "In The Wild," indicating active exploitation.

Key Insights

  • Local File Inclusion: The vulnerability allows attackers to include arbitrary files from the local system, granting them access to sensitive data or even the ability to execute malicious code.
  • Unpatched Systems: Systems running Zenitel AlphaWeb XE v11.2.3.10 are vulnerable to this exploit.
  • Active Exploitation: This vulnerability is actively being exploited by attackers "In The Wild," indicating a pressing need for immediate action.
  • Potential for Data Breaches: Successful exploitation could lead to data breaches, data exfiltration, and system compromise, potentially impacting confidentiality, integrity, and availability.

Mitigation Strategies

  • Update to the Latest Version: Immediately update to the latest version of Zenitel AlphaWeb XE, which includes a patch for this vulnerability.
  • Disable or Remove amc_uploads.php: If updating is not immediately feasible, disable or remove the amc_uploads.php component to mitigate the risk.
  • Implement Strong Access Control: Ensure strong access control measures are in place to limit access to vulnerable systems and components.
  • Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities proactively.

Additional Information

For further information on this incident, or to discuss specific mitigation strategies for your organization, please use the 'Ask to Analyst' feature within SOCRadar, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-57785 | Zenitel AlphaWeb XE 11.2.3.10 amc_uploads.php file inclusion
vuldb.com2025-01-17
CVE-2024-57785 | Zenitel AlphaWeb XE 11.2.3.10 amc_uploads.php file inclusion | A vulnerability was found in Zenitel AlphaWeb XE 11.2.3.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file amc_uploads.php. The manipulation leads to file inclusion. This vulnerability is known as CVE-2024-57785. The attack needs to be initiated within the local network. There is no
vuldb.com
rss
forum
news

Social Media

CVE-2024-57785 Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. https://t.co/pINqbBQ3Pa
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://gist.github.com/s4fv4n/56c326450dcb3ab808b5ce8242a11e30

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence