WARNING: CRITICAL VULNERABILITY IN VALOR APPS EASY FOLDER LISTING PRO ALLOWS AN UNAUTHENTICATED REMOTE ATTACKER TO EXECUTE ARBITRARY CODE. PATCH IMMEDIATELY!
CVE-2024-11145, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Sources
https://www.valorapps.com/web-products/easy-folder-listing-pro.html
Risks
The vulnerability presents a significant risk due to its potential for remote code execution, which could allow attackers to gain control over affected systems.
Furthermore, the vulnerability has a high impact on confidentiality, integrity, and availability.
Description
Valor Apps Easy Folder Listing Pro contains a deserialization vulnerability, a critical flaw that arises when untrusted data is processed during deserialization. This vulnerability allows an unauthenticated, remote attacker to send specially crafted input that can manipulate the deserialization process. By doing so, the attacker can execute arbitrary code on the server with the same privileges as the Joomla! application.
Exploitation Impact:
- Remote Exploitation - attackers can remotely send crafted malicious input to the deserialization process in the affected version of Valor Apps Easy Folder Listing Pro.
- Arbitrary Code Execution - the deserialization process executes the malicious code within the payload, allowing attackers to run arbitrary commands under the privileges of the Joomla! application.
- Privilege Escalation - attackers can leverage the application's permissions to gain broader access, potentially compromising additional systems or sensitive data.
- System Compromise - exploitation can lead to unauthorized access, data theft, or further lateral movement within the target's network, depending on the attacker's intent.
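The class of flaw described above, as an added illustration in PHP (Joomla! is a PHP application); this is not code from Easy Folder Listing Pro, and the class name, parameter and serialized sample are hypothetical. It shows the unsafe pattern of passing untrusted data to unserialize() next to the hardened form, assuming PHP 7.4 or later.

```php
<?php
// Added illustration of untrusted data reaching PHP's unserialize().
// NOT code from Easy Folder Listing Pro; class and sample are hypothetical.

// A class with a "magic" lifecycle method. In a real application such a
// method may touch files, the database or shell out; this one only records
// that it ran, so the demonstration stays harmless.
class CacheEntry {
    public string $path = '';
    public static bool $wakeupRan = false;

    public function __wakeup(): void {
        // Invoked automatically when an object of this class is unserialized.
        self::$wakeupRan = true;
    }
}

// Constructed sample: a serialized CacheEntry, i.e. the shape untrusted
// input must take to instantiate an application class during deserialization.
$untrusted = 'O:10:"CacheEntry":1:{s:4:"path";s:8:"/tmp/foo";}';

// VULNERABLE: any class loaded by the application can be instantiated from
// the payload, and its __wakeup()/__destruct() run with the web server's
// privileges, which is how deserialization turns into code execution.
function loadVulnerable(string $data) {
    return unserialize($data);
}

// HARDENED: allowed_classes => false turns every object in the payload into
// __PHP_Incomplete_Class, so no user-defined magic method is invoked.
function loadHardened(string $data) {
    return unserialize($data, ['allowed_classes' => false]);
}

// SAFEST: do not use the native object format for untrusted input at all;
// a data-only encoding such as JSON cannot name classes or trigger methods.
function loadJson(string $data): ?array {
    $decoded = json_decode($data, true, 8, JSON_THROW_ON_ERROR);
    return is_array($decoded) ? $decoded : null;
}

CacheEntry::$wakeupRan = false;
$a = loadVulnerable($untrusted);
printf("vulnerable: %s, __wakeup ran: %s\n", get_class($a), var_export(CacheEntry::$wakeupRan, true));

CacheEntry::$wakeupRan = false;
$b = loadHardened($untrusted);
printf("hardened:   %s, __wakeup ran: %s\n", get_class($b), var_export(CacheEntry::$wakeupRan, true));
```

Run with `php demo.php`: the first line reports a live CacheEntry whose __wakeup() executed, the second an incomplete class with the flag untouched.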
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-11145