
WARNING: CRITICAL VULNERABILITY IN VALOR APPS EASY FOLDER LISTING PRO ALLOWS AN UNAUTHENTICATED REMOTE ATTACKER TO EXECUTE ARBITRARY CODE. PATCH IMMEDIATELY!

Reference: Advisory #2024-276
Version: 1.0
Affected software: Valor Apps Easy Folder Listing Pro (versions prior to 3.8 and 4.5)
Type: Deserialization
CVE/CVSS: CVE-2024-11145, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sources

https://www.valorapps.com/web-products/easy-folder-listing-pro.html

Risks

The vulnerability presents a significant risk due to its potential for remote code execution, which could allow attackers to gain control over affected systems.

Furthermore, the vulnerability has a high impact on confidentiality, integrity, and availability.

Description

Valor Apps Easy Folder Listing Pro contains a deserialization vulnerability, a critical flaw that arises when untrusted data is processed during deserialization. This vulnerability allows an unauthenticated, remote attacker to send specially crafted input that manipulates the deserialization process. By doing so, the attacker can execute arbitrary code on the server with the same privileges as the Joomla! application.

Exploitation Impact:

  • Remote Exploitation - attackers can remotely send crafted malicious input to the deserialization process in the affected version of Valor Apps Easy Folder Listing Pro.
  • Arbitrary Code Execution - the deserialization process executes the malicious code within the payload, allowing attackers to run arbitrary commands under the privileges of the Joomla! application.
  • Privilege Escalation - attackers can leverage the application's permissions to gain broader access, potentially compromising additional systems or sensitive data.
  • System Compromise - exploitation can lead to unauthorized access, data theft, or further lateral movement within the target's network, depending on the attacker's intent.
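The description above says the flaw is in how untrusted data is handled during deserialization. The PHP snippet below is an added example, not code from Valor Apps, Joomla! or this advisory, and it does not reflect the extension's actual code path; it shows the general mechanism on a class constructed for illustration (`TempFile`), and the two hardening patterns a developer would apply: refusing to instantiate classes from serialized input, or avoiding PHP serialization for client-supplied data altogether.

```php
<?php
// Added example (not Valor Apps or Joomla! code): why unserialize() on untrusted
// input is dangerous and how to neutralise it. TempFile is a constructed class
// standing in for any application class whose magic methods act on its own state.
declare(strict_types=1);

final class TempFile
{
    public function __construct(public string $path) {}

    // Invoked automatically when the object is destroyed, including objects that
    // unserialize() built from bytes the application never produced itself.
    public function __destruct()
    {
        echo "__destruct ran for {$this->path}\n";
    }
}

// Constructed sample input: a serialized TempFile as it might arrive in a request
// parameter. The class name and property values are chosen by whoever sent it.
$untrusted = 'O:8:"TempFile":1:{s:4:"path";s:12:"/tmp/example";}';

// 1. Weak: unserialize() instantiates whatever class the bytes name, so the sender
//    decides which __wakeup/__destruct code runs and with what state.
function deserializeWeak(string $input): mixed
{
    return unserialize($input);
}

// 2. Hardened: allowed_classes => false (PHP >= 7.0) refuses to instantiate any
//    class; objects come back as __PHP_Incomplete_Class and their magic methods
//    never run. Scalars and arrays are still decoded normally.
function deserializeHardened(string $input): mixed
{
    return unserialize($input, ['allowed_classes' => false]);
}

// 3. Better: do not accept PHP serialization from clients at all. JSON carries no
//    class names, so there is nothing to instantiate; validate the shape afterwards.
function decodeJson(string $input): array
{
    $data = json_decode($input, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data) || !isset($data['path']) || !is_string($data['path'])) {
        throw new InvalidArgumentException('unexpected payload shape');
    }
    return $data;
}

$weak = deserializeWeak($untrusted);
echo 'weak: real TempFile instance? ', var_export($weak instanceof TempFile, true), "\n";
unset($weak); // destroying it triggers __destruct with sender-controlled $path

$safe = deserializeHardened($untrusted);
echo 'hardened: incomplete class? ', var_export($safe instanceof __PHP_Incomplete_Class, true), "\n";
unset($safe); // no magic method runs

$json = decodeJson('{"path":"/tmp/example"}');
echo 'json: path = ', $json['path'], "\n";
```

The point of the weak/hardened pair is that the fix is not input filtering of the serialized string but removing the attacker's ability to pick a class: once `allowed_classes` is `false` (or an explicit allow-list of plain data classes), the magic methods that deserialization gadget chains rely on are never reached.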

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11145

https://github.com/advisories/GHSA-8cwc-g9gg-qp9w

https://portswigger.net/web-security/deserialization