CVE-2024-29375
Published: 04 April 2024
Summary
CVE-2024-29375 is a critical-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 6.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-29375 is a CSV injection vulnerability, tracked under CWE-1236, that affects Addactis IBNRS version 3.10.3.107. The flaw resides in the handling of user-supplied values in Project Description, Identifiers, Custom Triangle Name within Input Triangles, and Yield Curve Name fields when these are written to .ibnrs project files. An attacker can supply specially crafted input that is later interpreted as formulas when the file is opened in a spreadsheet application, resulting in a CVSS 3.1 score of 9.8.
A remote attacker with no authentication or user interaction required can supply a malicious .ibnrs file that triggers arbitrary code execution on a victim system that imports the file. Because the attack vector is network-reachable and the impact spans confidentiality, integrity, and availability, successful exploitation can lead to full compromise of the affected workstation.
The two reference URLs point to the same public GitHub repository containing proof-of-concept material; neither advisory nor vendor patch information is included in the provided references. The associated EPSS score has remained flat at 0.1170 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26384
Vulnerability details
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.