Plattform
other
Komponente
allegra
Behoben in
7.5.2
CVE-2024-5581 is a Remote Code Execution (RCE) vulnerability affecting Allegra versions 7.5.1.9 through 7.5.1.9. This flaw allows authenticated attackers to execute arbitrary code on vulnerable systems. The vulnerability stems from insufficient input validation within the unzipFile method. A fix is available in Allegra version 7.5.2.
The vulnerability lies within the unzipFile method, where insufficient validation of user-supplied paths allows an attacker to manipulate file operations. Successful exploitation enables an attacker to execute code in the context of the LOCAL SERVICE account, granting them significant control over the affected system. This could lead to data breaches, system compromise, and potential lateral movement within the network. The ability to execute code as LOCAL SERVICE elevates the potential impact, as this account often has elevated privileges.
CVE-2024-5581 was disclosed on 2024-11-22. The vulnerability was initially reported as ZDI-CAN-23453. Public proof-of-concept (PoC) code is currently unknown, but the relatively straightforward nature of directory traversal vulnerabilities suggests that a PoC may emerge. The CVSS score of 7.2 (HIGH) indicates a significant risk, and the LOCAL SERVICE execution context further amplifies the potential impact.
Organizations utilizing Allegra versions 7.5.1.9 through 7.5.1.9, particularly those with publicly accessible instances or those lacking robust authentication controls, are at risk. Shared hosting environments using Allegra are also potentially vulnerable.
disclosure
Exploit-Status
EPSS
9.35% (93% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-5581 is to upgrade Allegra to version 7.5.2 or later, which includes the necessary path validation fixes. If immediate upgrading is not feasible, consider implementing stricter access controls to limit who can interact with the unzipFile functionality. While a direct WAF rule is difficult to implement without specific knowledge of the attack payload, monitoring for unusual file access patterns and suspicious network connections originating from the Allegra process can provide early detection. After upgrading, confirm the fix by attempting to trigger the vulnerable unzipFile method with a malicious path; the operation should now be rejected.
Actualice Allegra a la versión 7.5.2 o posterior. Esta versión corrige la vulnerabilidad de recorrido de directorios en el método unzipFile. La actualización mitigará el riesgo de ejecución remota de código.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-5581 is a Remote Code Execution vulnerability in Allegra versions 7.5.1.9–7.5.1.9, allowing authenticated attackers to execute arbitrary code due to insufficient path validation in the unzipFile method.
You are affected if you are running Allegra versions 7.5.1.9 through 7.5.1.9. Check your Allegra version and upgrade if necessary.
Upgrade Allegra to version 7.5.2 or later to resolve this vulnerability. If upgrading is not immediately possible, restrict access to the unzipFile functionality.
While active exploitation is not currently confirmed, the vulnerability's nature suggests a potential for exploitation, and monitoring is recommended.
Refer to the Allegra security advisory for detailed information and updates regarding CVE-2024-5581.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.