Vulnerability Description: Multiple Relative Path Traversal – CWE-23
Software Version: 1.6.4
NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-31841
CVSSv3:
Severity:
Credits: Luca Carbone, Fabio Romano, Federico Draghelli, Massimiliano Brolli
The web server fails to sanitize the input data allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
Step-by-step instructions and PoC
An unauthenticated user can read arbitrary files through several functionalities of the web application. An attacker can modify the "filename" parameter of the POST request by prepending sequences of '../' so that it references files outside the intended directory. Since the application never verifies which directory the requested file actually resolves to, an attacker can access any file on the filesystem that the web server process can read, including application source code, configuration files and so on.
Affected Endpoints
· URL: https://[HOST]/[NODE-NAME]/supervoip/api/v1/reportTraceBCCAS/buttonViewReportTraceBCCAS/[ANY-STRING]/[ANY-STRING]/it
· URL: https://[HOST]/[NODE-NAME]/supervoip/api/v1/logTrace/buttonViewLogTrace/[ANY-STRING]/[ANY-STRING]/it
· URL: https://[HOST]/[NODE-NAME]/supervoip/api/v1/reportTrace/buttonViewReportTrace/[ANY-STRING]/[ANY-STRING]/it
· URL: https://[HOST]/[NODE-NAME]/supervoip/api/v1/logTraceBCCAS/buttonViewLogTraceBCCAS/[ANY-STRING]/[ANY-STRING]/it
Below is the evidence, with the vulnerability details and the payloads used. The screenshots referenced by the captions are not reproduced in this text; only their captions survive.
Payload used to exploit the vulnerability:
Figure 1.1 - Payload
Figure 1.2 - Relative Path Traversal
Figure 2.1 - Payload
Figure 2.2 - Relative Path Traversal
Figure 3.1 - Payload
Figure 3.2 - Relative Path Traversal
Figure 4.1 - Payload
Figure 4.2 - Relative Path Traversal
Security Impact
By exploiting this vulnerability on the web portal, it was possible to read arbitrary files on the filesystem.
Remediation Steps
Implement strict validation of the input parameters. Verify that the path derived from the parameter is confined only and exclusively to a single dedicated directory, and reject any request whose path would resolve outside it.
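The following is an added example, not code from the advisory or from the affected product, illustrating both the vulnerable pattern described in the PoC section (a "filename" parameter joined to a base directory with no containment check) and the remediation above (restrict the resolved path to one dedicated directory). It also includes a small detection helper over constructed access-log lines. The directory layout, file contents, log lines and function names are all assumptions made for the demo; the `supervoip` endpoint paths in the sample log are taken from the advisory's endpoint list.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Constructed demo tree (not from the advisory): a dedicated report directory
# plus a file one level up that must never be served.
ROOT = Path(tempfile.mkdtemp(prefix="traversal_demo_"))
REPORT_DIR = ROOT / "reports"
REPORT_DIR.mkdir()
(REPORT_DIR / "trace-0001.log").write_text("constructed trace line\n")
(ROOT / "secret.txt").write_text("constructed secret outside the report directory\n")


def read_report_unsafe(filename: str) -> str:
    """Vulnerable pattern (CWE-23): the request parameter is joined to the base
    directory with no containment check, so '../secret.txt' escapes REPORT_DIR."""
    return (REPORT_DIR / filename).read_text()


def resolve_report_path(filename: str) -> Path:
    """Hardened resolution: accept only a bare file name, canonicalize the joined
    path (following symlinks), and require the result to stay inside REPORT_DIR."""
    # 1. The endpoint expects a single file name, so any path separator, an
    #    absolute path, or a '.'/'..' component is rejected outright.
    if not filename or Path(filename).name != filename or filename in (".", ".."):
        raise ValueError(f"rejected file name: {filename!r}")
    base = REPORT_DIR.resolve()
    candidate = (base / filename).resolve()
    # 2. Containment check on the canonical path: this is the check that also
    #    catches a symlink inside REPORT_DIR that points outside it.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes report directory: {filename!r}") from None
    return candidate


def read_report_safe(filename: str) -> str:
    """Remediated read: only files resolved by resolve_report_path() are served."""
    return resolve_report_path(filename).read_text()


# Constructed access-log lines (assumed format, not from the advisory) showing
# what a detection rule looks for: a '..' segment in the filename parameter,
# including when it arrives URL-encoded.
SAMPLE_LOG = [
    '10.0.0.5 "POST /supervoip/api/v1/logTrace/buttonViewLogTrace/a/b/it" filename=trace-0001.log 200',
    '10.0.0.9 "POST /supervoip/api/v1/logTrace/buttonViewLogTrace/a/b/it" filename=../../../../etc/passwd 200',
    '10.0.0.9 "POST /supervoip/api/v1/reportTrace/buttonViewReportTrace/a/b/it" filename=..%2F..%2Fconf%2Fapp.properties 200',
]


def flag_traversal_requests(log_lines):
    """Return the log lines whose filename parameter contains a '..' path segment
    after URL-decoding (decoding twice so double-encoded forms are caught too)."""
    marker = "filename="
    flagged = []
    for line in log_lines:
        if marker not in line:
            continue
        value = line.split(marker, 1)[1].split()[0]
        decoded = unquote(unquote(value))
        segments = decoded.replace("\\", "/").split("/")
        if ".." in segments:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print("unsafe read escapes:", read_report_unsafe("../secret.txt").strip())
    print("safe read:", read_report_safe("trace-0001.log").strip())
    try:
        read_report_safe("../secret.txt")
    except ValueError as exc:
        print("safe read rejected:", exc)
    for line in flag_traversal_requests(SAMPLE_LOG):
        print("ALERT:", line)
```

The two-step check in `resolve_report_path` is deliberate: rejecting anything that is not a bare file name gives a clear error for malformed input, while the `relative_to` test on the canonicalized path is the check that actually enforces the "one dedicated directory" rule and holds even if the first test is later loosened to allow subdirectories.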