Cyber Resilience

CVE-2024-11664

High | Public PoC

Published: 25 November 2024

Modified: 04 December 2024
CVSS v4 Score: 8.7
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0375 (88.3th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11664 is a high-severity Path Traversal (CWE-22) vulnerability in eNMS. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique SSH Authorized Keys (T1098.004). The CVE ranks in the top 11.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A path traversal vulnerability (CWE-22) rated critical has been identified in eNMS versions up to 4.2. The flaw resides in the multiselect_filtering function within the TGZ File Handler component at eNMS/controller.py and stems from improper input handling that permits directory traversal sequences.

An attacker with low-privileged remote access can supply crafted input to the affected function, enabling arbitrary file read or write operations that compromise confidentiality, integrity, and availability on the server. Public exploit code has been released, and the CVSS 4.0 vector reflects network attack reach with no user interaction required.

The project has published a fix in commit 22b0b443acca740fc83b5544165c1f53eff3f529, available via the referenced pull request; administrators are advised to apply the patch promptly. The associated EPSS score rose from lower values to a peak of 0.0653 before receding to the current 0.0375, indicating a temporary increase in observed exploitation interest after disclosure.

Vulnerability details

A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue.

CWE(s): CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1098.004 | SSH Authorized Keys | Persistence
Adversaries may modify the SSH authorized_keys file to maintain persistence on a victim host.

T1190 | Exploit Public-Facing Application | Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Path traversal in TGZ file handler enables arbitrary file writes (e.g., SSH authorized keys for persistence, T1098.004) via exploitation of a public-facing web application (T1190).

Affected Assets

Vendor: enms | Product: enms | Affected versions: ≤ 4.2

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
