CVE-2024-9922 describes a Path Traversal vulnerability discovered in Team+ by TEAMPLUS TECHNOLOGY. This flaw allows unauthenticated attackers to potentially read sensitive system files. The vulnerability affects versions 13.5.0 through 13.5.*, and a patch is available in version 13.5.1.
The primary impact of CVE-2024-9922 is the potential for unauthorized access to sensitive system files. An attacker exploiting this vulnerability could read configuration files, source code, or other data that could reveal credentials, internal network information, or proprietary algorithms. Successful exploitation could lead to further compromise of the system, including data exfiltration or privilege escalation, depending on the files accessed. The lack of authentication required for exploitation significantly broadens the attack surface, making it accessible to a wide range of attackers.
CVE-2024-9922 was publicly disclosed on 2024-10-14. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed in the CISA KEV catalog as of this writing. Given the ease of exploitation (unauthenticated access) and the potential impact, it is recommended to prioritize patching.
EPSS: 0.32% (55th percentile)
The primary mitigation for CVE-2024-9922 is to upgrade Team+ to version 13.5.1 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting network access to the Team+ server, implementing strict file system permissions, and closely monitoring file system activity for suspicious access attempts. Web application firewalls (WAFs) configured to detect and block path traversal attempts can also provide an additional layer of defense. After upgrading, verify the fix by attempting to access files outside of the intended directory via the vulnerable parameter; access should be denied.
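For the monitoring step above, a small access-log scanner (an added example, not vendor or Team+ code) that percent-decodes each request target, including double-encoded input, and flags `..` path segments. It assumes Combined Log Format; the `/app/download` endpoint, the `file` parameter and the log lines are constructed placeholders, since the advisory does not name the affected parameter.

```python
import re
from urllib.parse import unquote

# Assumption: the web server in front of the application writes Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# A ".." path segment bounded by "/" or "\", at the start of a path or a parameter value.
TRAVERSAL_RE = re.compile(r'(^|[\\/=&?])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per request whose decoded target contains a '..' segment."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and TRAVERSAL_RE.search(fully_decode(m.group("target"))):
            findings.append({
                "ip": m.group("ip"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                # A 2xx answer means the server returned content: triage these first.
                "served": m.group("status").startswith("2"),
                # "-" in the user field means no authenticated user was logged.
                "unauthenticated": m.group("user") == "-",
            })
    return findings

# Constructed sample log lines; endpoint and parameter are hypothetical placeholders.
SAMPLE = [
    '192.0.2.10 - alice [14/Oct/2024:10:01:02 +0000] "GET /app/download?file=report.pdf HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Oct/2024:10:01:09 +0000] "GET /app/download?file=notes..final.pdf HTTP/1.1" 200 880',
    '198.51.100.7 - - [14/Oct/2024:10:02:11 +0000] "GET /app/download?file=..%2f..%2fconf%2fapp.ini HTTP/1.1" 200 1843',
    '198.51.100.7 - - [14/Oct/2024:10:02:15 +0000] "GET /app/download?file=%252e%252e%255c%252e%252e%255capp.ini HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with `served` set to true are the ones to investigate first; after upgrading, the same requests should appear only with denied status codes.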
Upgrade Team+ to a version that fixes the path traversal vulnerability. Consult the vendor's website for the latest version and upgrade instructions. Apply the security measures recommended by the vendor to mitigate the risk.
CVE-2024-9922 is a Path Traversal vulnerability in Team+ that allows unauthenticated attackers to read arbitrary system files, rated HIGH severity (CVSS 7.5).
You are affected if you are running Team+ versions 13.5.0 through 13.5.*. Upgrade to 13.5.1 to resolve the issue.
Upgrade Team+ to version 13.5.1. As a temporary workaround, restrict network access and monitor file system activity.
There are currently no confirmed reports of active exploitation, but the vulnerability is easily exploitable and should be patched promptly.
Refer to the TEAMPLUS TECHNOLOGY security advisory for CVE-2024-9922 on their official website (check their security announcements page).