CVE-2024-48760
Published: 14 January 2025
Description
Adversaries may modify host software binaries to establish persistent access to systems.
Security Summary
CVE-2024-48760 is a critical vulnerability affecting GestioIP version 3.5.7, an IP address management tool. The flaw resides in the file upload function, where a remote attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, leading to arbitrary code execution. It has been assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
The vulnerability can be exploited by any remote, unauthenticated attacker with network access to the affected GestioIP instance; exploitation is low complexity and requires no user interaction. Successful exploitation grants the attacker remote command execution on the server, potentially allowing full compromise, with high impact on confidentiality, integrity, and availability.
References include the official GestioIP website at http://www.gestioip.net/index.html, a GitHub repository detailing the CVE at https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760, and a Docker Compose setup for GestioIP at https://github.com/muebel/gestioip-docker-compose, which security practitioners should review for additional context or potential patches.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A file upload vulnerability in the GestioIP web application enables remote attackers to overwrite the legitimate CGI script (upload.cgi) with a malicious perlcmd.cgi for arbitrary code execution, facilitating public-facing application exploitation, web shell deployment, and host software binary compromise.