CVE-2024-57785

Medium

Published: 16 January 2025

Published

16 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.1624 94.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.

Security Summary

Zenitel AlphaWeb XE version 11.2.3.10 is affected by a local file inclusion vulnerability via the amc_uploads.php component, as tracked under CVE-2024-57785 and published on 2025-01-16. This flaw corresponds to CWE-706 and carries a CVSS v3.1 base score of 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N), indicating a moderate severity issue primarily impacting confidentiality.

The vulnerability can be exploited over the network with low complexity by an attacker possessing high privileges (PR:H), requiring no user interaction. Successful exploitation allows the attacker to achieve high-impact confidentiality violations, such as reading sensitive local files, without affecting integrity or availability.

Mitigation details are available in the referenced advisory at https://gist.github.com/s4fv4n/56c326450dcb3ab808b5ce8242a11e30.

Details

CWE(s): CWE-706

References

https://gist.github.com/s4fv4n/56c326450dcb3ab808b5ce8242a11e30
cve@mitre.org