FileCatalyst Workflow: FTP Servlet Dir Traversal Enables Arbitrary File Uploads
CVE-2024-25153 Published on March 13, 2024
Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114
A directory traversal within the ftpservlet of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended uploadtemp directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portals DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
Vulnerability Analysis
CVE-2024-25153 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Timeline
Discovered
Vendor Informed 2 days later.
Patch Released 2 days later.
Weakness Type
What is an Assumed-Immutable Parameter Tampering Vulnerability?
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
CVE-2024-25153 has been classified to as an Assumed-Immutable Parameter Tampering vulnerability or weakness.
Products Associated with CVE-2024-25153
stack.watch emails you whenever new vulnerabilities are published in Fortra Filecatalyst Workflow or Fortra Filecatalyst. Just hit a watch button to start following.
Affected Versions
Fortra FileCatalyst:- Version 5.1.4 and below 5.1.6 is affected.
- Version 5.1.4 and below 5.1.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.