CVE-2024-54449
Published: 14 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2024-54449 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting LogicalDOC, a document management application. It stems from a flaw (CWE-23: Relative Path Traversal) in two endpoints of the API used to interact with documents. These endpoints enable an authenticated attacker to write a file with attacker-controlled contents to an arbitrary location on the underlying file system of the web server hosting LogicalDOC, facilitating remote code execution (RCE).
An attacker requires an authenticated account with read and write privileges on at least one existing document in the application to exploit the vulnerability. Once exploited, the attacker can achieve RCE by writing malicious files, allowing them to execute arbitrary commands on the operating system of the LogicalDOC web server.
For details on mitigation, including any patches or advisories, refer to the CYRC advisory published by Black Duck at https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html.
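The root cause described above is a missing containment check on a caller-supplied file name. The following is an added example, not LogicalDOC's code, showing the check a document-write endpoint needs: the storage root path, the function names and the sample file names are all assumptions.

```python
import os


class PathTraversalError(ValueError):
    """Raised when a requested document name would resolve outside the storage root."""


def resolve_document_path(storage_root: str, requested_name: str) -> str:
    """Return the absolute on-disk path for requested_name inside storage_root.

    Rejects NUL bytes, absolute names, and any name whose normalized form
    (after collapsing '..' segments and resolving symlinks) escapes the root.
    This is the containment check whose absence constitutes CWE-23.
    """
    if "\x00" in requested_name:
        raise PathTraversalError("NUL byte in file name")
    if os.path.isabs(requested_name):
        raise PathTraversalError("absolute path not allowed")
    root = os.path.realpath(storage_root)
    # realpath normalizes '..' and follows symlinks, so a name such as
    # '../../webapps/ROOT/x.jsp' lands outside root and fails the check below.
    candidate = os.path.realpath(os.path.join(root, requested_name))
    if candidate == root:
        raise PathTraversalError("empty file name")
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversalError(f"{requested_name!r} escapes storage root")
    return candidate


def is_safe_document_name(storage_root: str, requested_name: str) -> bool:
    """Convenience wrapper: True if the name stays inside the storage root."""
    try:
        resolve_document_path(storage_root, requested_name)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample root and names (assumptions, not LogicalDOC defaults).
    ROOT = "/srv/logicaldoc/docs"
    for name in ["reports/q1.pdf", "a/../b.txt", "../../webapps/ROOT/x.jsp", "/etc/passwd"]:
        print(f"{name!r:32} -> {'accepted' if is_safe_document_name(ROOT, name) else 'rejected'}")
```

Whether a name passes depends on where it resolves, not on whether it contains the literal string `..`; `a/../b.txt` is accepted because it stays inside the root.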
Details
CWE(s): CWE-23 (Relative Path Traversal)
Affected Products: LogicalDOC
MITRE ATT&CK Enterprise Techniques: T1190, T1068, T1505.003
Why these techniques?
Authenticated arbitrary file write in web app API enables public-facing app exploitation (T1190), privilege escalation to RCE (T1068), and web shell deployment for persistence/execution (T1505.003).