CVE-2024-57968
Published: 03 February 2025
Description
Adversaries may upload malware to third-party or adversary-controlled infrastructure to make it accessible during targeting.
Security Summary
CVE-2024-57968 is a critical vulnerability in Advantive VeraCore versions prior to 2024.4.2.1, where remote authenticated users can upload files to unintended folders, including those accessible during web browsing by other users. This unrestricted file upload flaw, exploitable via the upload.aspx endpoint, is classified as CWE-434 and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting its potential for severe impact.
Low-privileged authenticated attackers can exploit the vulnerability remotely with minimal complexity and no user interaction required. By uploading malicious files to browsable directories, they can achieve high confidentiality, integrity, and availability impacts across a changed scope, potentially enabling code execution, data theft, or further system compromise visible to other users.
Vendor release notes for VeraCore 2024.4.2.1 document the patch addressing this issue. The vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog, a listing that urges federal agencies to apply mitigations promptly.
Research from Intezer and Solis Security details active exploitation by the XE Group, a threat actor progressing from credit card skimming to zero-day abuses including CVE-2024-57968.
Details
- CWE(s)
- KEV Date Added: 10 March 2025
Affected Products
Threat-Actor Attribution
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The file upload vulnerability (CVE-2024-57968) in VeraCore's upload.aspx enables remote authenticated users to place arbitrary files, such as webshells, in web-accessible directories, facilitating public-facing application exploitation (T1190), web shell deployment for persistence/execution (T1505.003), and malware staging via upload (T1608.001).
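A log-review sketch for the behaviour described above, added here as an example and not taken from the vendor, CISA, or the cited research: it correlates successful POSTs to upload.aspx with first-seen requests for server-executable files shortly afterwards. The log layout, paths, usernames, IP addresses and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

SCRIPT_EXT = (".aspx", ".ashx", ".asmx", ".asp")  # handlers IIS will execute
WINDOW = timedelta(minutes=10)                     # assumed correlation window

# Constructed W3C log (hypothetical paths, users and documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2025-01-10 09:00:01 GET /app/home.aspx alice 198.51.100.7 200
2025-01-10 09:02:10 POST /app/upload.aspx alice 198.51.100.7 200
2025-01-10 09:02:40 GET /app/home.aspx alice 198.51.100.7 200
2025-01-10 11:15:03 POST /app/Upload.aspx svc_low 203.0.113.9 200
2025-01-10 11:15:20 GET /app/images/thumb.aspx - 203.0.113.9 200
2025-01-10 11:16:02 GET /app/images/logo.png - 203.0.113.9 200
2025-01-10 14:00:00 GET /app/reports.aspx bob 198.51.100.8 200
"""

def parse(log):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in log.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            stamp = row["date"] + " " + row["time"]
            row["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            yield row

def find_suspect_uploads(log):
    """Return (uploader, source IP, new script path) for each correlated pair."""
    seen, last_upload, hits = set(), None, []
    for r in parse(log):
        path = r["cs-uri-stem"].lower()
        ok = r["sc-status"].startswith("2")
        if r["cs-method"] == "POST" and path.endswith("/upload.aspx") and ok:
            last_upload = r  # remember the most recent successful upload
        elif path.endswith(SCRIPT_EXT) and ok and path not in seen:
            # A script path never requested before, served soon after an upload.
            if last_upload and r["ts"] - last_upload["ts"] <= WINDOW:
                hits.append((last_upload["cs-username"], last_upload["c-ip"], path))
        seen.add(path)
    return hits

if __name__ == "__main__":
    for hit in find_suspect_uploads(SAMPLE_LOG):
        print("review:", hit)
```

On real data, seed `seen` from older logs so long-standing application pages are not treated as new, and check each flagged path against the files actually present on disk.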