La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2024-28806

CVE-2024-28806 – Italtel i-MCS NFV

Vulnerability Description: Absolute Path Traversal - CWE-36

Software Version: 12.1.0-20211215

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-28806

CVSSv3:

Severity:

Credits: Luca Carbone, Fabio Romano, Stefano Scipioni, Massimiliano Brolli

The web server fails to sanitize the input data allowing remote unauthenticated attackers to upload files on the filesystem in an arbitrary path.

 

Step-by-step instructions and PoC

An unauthenticated user can upload files in an arbitrary path using a specific functionality of the web application.  An attacker can change the “uploadDir” parameter in the POST request (not possible using the GUI) to an arbitrary directory. Since the application does not check in which directory the file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server.

 

Below are the evidences with the vulnerability details and the payloads used. In this case, uploadDir was changed from /var/tmp/external/ to /tmp/

Payload used to exploit the vulnerability:

Security Impact

By exploiting this vulnerability on the web portal it was possible to upload files in an arbitrary path on the filesystem.