Unrestricted JSP File Upload Enables Shell Execution
CVE-2024-12700 Published on December 19, 2024

Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server.

NVD

Vulnerability Analysis

CVE-2024-12700 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2024-12700 has been classified to as an Unrestricted File Upload vulnerability or weakness.

Affected Versions

Tibbo AggreGate Network Manager:

Before and including 6.34.02 is affected.

Exploit Probability

EPSS

0.27%

Percentile

50.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Unrestricted JSP File Upload Enables Shell ExecutionCVE-2024-12700 Published on December 19, 2024

Vulnerability Analysis

Weakness Type

What is an Unrestricted File Upload Vulnerability?

Affected Versions

Exploit Probability

Unrestricted JSP File Upload Enables Shell Execution
CVE-2024-12700 Published on December 19, 2024