Cyber Resilience

CVE-2024-34470

Severity: High · Public PoC

Published: 06 May 2024
Modified: 17 June 2025
KEV Added: not listed
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.9278 (99.8th percentile)
Risk Priority: 73 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-34470 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Hsclabs Mailinspector. Its CVSS base score is 8.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.2% of all CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

Deeper analysis

CVE-2024-34470 is an unauthenticated path traversal vulnerability affecting HSC Mailinspector versions 5.2.17-3 through 5.2.18. It resides in the /public/loader.php endpoint, where the path parameter fails to validate whether requested files or directories reside inside the webroot, allowing arbitrary file reads on the underlying server. The flaw is tracked under CWE-29 and carries a CVSS 3.1 score of 8.6.

An attacker with network access can exploit the issue without credentials or user interaction by supplying crafted path values that traverse outside the intended directory tree. Successful exploitation yields high-impact disclosure of sensitive files on the server; the changed scope (S:C) in the vector reflects that the files read belong to the underlying host, not only to the vulnerable web application, so secrets of other services on the same machine are within reach.
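The check the advisory says loader.php lacks, shown as an added example in Python rather than the product's PHP: the naive join that the description implies, beside a resolver that confines the result to the webroot. This is not Mailinspector code; the webroot path and the sample parameter values are assumptions for the illustration.

```python
import os

# Hypothetical install path used only for this illustration; the page does not
# state where Mailinspector's public/ directory lives on a real host.
WEBROOT = "/var/www/mailinspector/public"


def vulnerable_resolve(path_param, webroot=WEBROOT):
    """Pattern the advisory describes: the caller-controlled value is joined onto the
    webroot and normalised, but nothing checks that the result is still inside it."""
    return os.path.normpath(os.path.join(webroot, path_param))


def safe_resolve(path_param, webroot=WEBROOT):
    """Return the absolute path to serve, or None if the request escapes the webroot."""
    # NUL bytes truncate paths in C-backed file APIs, so reject them outright.
    if "\0" in path_param:
        return None
    # CWE-29 is the backslash variant: normalise '\' to '/' before checking so that
    # a '..\..\' sequence cannot slip past a check that only understands '../'.
    requested = path_param.replace("\\", "/")
    root = os.path.realpath(webroot)
    # os.path.join discards the first argument when the second is absolute, so an
    # absolute request such as /etc/passwd lands outside root and fails the check.
    resolved = os.path.realpath(os.path.join(root, requested))
    # Compare resolved paths rather than strings: realpath collapses '..' and follows
    # symlinks, so a link inside the webroot that points outside is also rejected.
    if resolved == root or os.path.commonpath([root, resolved]) != root:
        return None
    return resolved


# Constructed sample values for the `path` parameter (not taken from the public PoC).
SAMPLE_REQUESTS = [
    "images/logo.png",              # legitimate
    "../../../../etc/passwd",       # classic traversal
    "..\\..\\..\\..\\etc\\passwd",  # backslash variant (CWE-29)
    "/etc/passwd",                  # absolute path
    "images/../../../etc/shadow",   # traversal hidden behind a valid prefix
    "config.php\0.png",             # NUL-byte truncation attempt
]


def compare_resolvers(requests=SAMPLE_REQUESTS):
    """Map each sample to (what the naive resolver would open, whether the safe one allows it)."""
    return {p: (vulnerable_resolve(p), safe_resolve(p) is not None) for p in requests}


if __name__ == "__main__":
    for req, (naive, allowed) in compare_resolvers().items():
        print(f"{req!r:34} naive -> {naive}")
        print(f"{'':34} safe  -> {'served' if allowed else 'rejected'}")
```

Only the legitimate request survives `safe_resolve`; everything else resolves outside the webroot (or to the webroot itself) and is refused. Note that on a POSIX host the naive resolver does not actually traverse on the backslash variant, because `\` is an ordinary filename character there; the hardened version normalises it anyway so the same code is safe when the application is deployed on Windows.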

Public proof-of-concept code demonstrating the traversal has been published on GitHub. The associated EPSS score currently stands at 0.9278 after reaching a peak of 0.9367, reflecting elevated and sustained exploitation interest following disclosure.


Vulnerability details

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

CWE(s)

CWE-29 Path Traversal: '\..\filename'

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1087.001 Local Account (Discovery)
Adversaries may attempt to get a listing of local system accounts.

T1003.008 /etc/passwd and /etc/shadow (Credential Access)
Adversaries may attempt to dump the contents of /etc/passwd and /etc/shadow to enable offline password cracking.
Why these techniques?

Unauthenticated path traversal in public-facing web app (T1190) enables arbitrary file reads (T1005), file/directory discovery (T1083), local account discovery via /etc/passwd (T1087.001), and OS credential dumping via /etc/passwd and /etc/shadow (T1003.008).
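To turn the technique mapping above into something an analyst can run, here is an added detection example (not from the page, the vendor, or the public PoC) that scans web-server access logs for traversal attempts against /public/loader.php. It decodes the path parameter repeatedly so double-encoded variants are caught, normalises backslashes as the CWE-29 variant requires, and records whether each attempt returned HTTP 200, which is the difference between a scan and a confirmed file read. The log lines are constructed for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed combined-format access log lines for illustration; not real traffic
# and not the requests used by the public proof of concept.
SAMPLE_LOG = """\
203.0.113.7 - - [06/May/2024:10:01:02 +0000] "GET /public/loader.php?path=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.5.0"
203.0.113.7 - - [06/May/2024:10:01:05 +0000] "GET /public/loader.php?path=..%2F..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 212 "-" "curl/8.5.0"
198.51.100.9 - - [06/May/2024:10:02:10 +0000] "GET /public/loader.php?path=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843 "-" "python-requests/2.31"
192.0.2.44 - - [06/May/2024:10:03:00 +0000] "GET /public/loader.php?path=images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [06/May/2024:10:03:01 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# A '..' segment after normalisation, or an absolute target, is what escapes the webroot.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly; the round count exposes double-encoding evasion."""
    rounds = 0
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def raw_query_params(query):
    """Split a query string without decoding, so the decode rounds can be counted."""
    params = {}
    for part in query.split("&"):
        if part:
            key, _, val = part.partition("=")
            params[key] = val
    return params


def detect_traversal(log_text):
    """Return one alert per loader.php request whose path parameter leaves the webroot."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/loader.php"):
            continue
        raw = raw_query_params(url.query).get("path")
        if raw is None:
            continue
        decoded, rounds = decode_fully(raw)
        normalised = decoded.replace("\\", "/")
        if not (TRAVERSAL_RE.search(normalised) or normalised.startswith("/")):
            continue
        alerts.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "path_param": normalised,
            "status": int(m["status"]),
            "succeeded": m["status"] == "200",   # 200 means the file was most likely returned
            "double_encoded": rounds >= 2,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_traversal(SAMPLE_LOG):
        print(alert)
```

Three of the five constructed lines raise alerts: the plain and single-encoded attempts from 203.0.113.7 (one served, one blocked with 403) and the double-encoded read from 198.51.100.9, which only becomes visible once the parameter is decoded twice. A 200 for /etc/passwd is the trigger to pivot to T1003.008 and T1087.001 hunting on that host, since the same request pattern will work for any readable file.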

Affected Assets

hsclabs mailinspector 5.2.17-3 through 5.2.19 (the CVE description itself names 5.2.18 as the last affected release; treat 5.2.19 as unconfirmed until checked against the vendor's fix notes)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
