CVE-2024-45256
Published: 26 August 2024
Summary
CVE-2024-45256 is a critical-severity Path Traversal (CWE-22) vulnerability in Chebuya (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 2.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-45256 is an arbitrary file write vulnerability in the exfiltration endpoint of BYOB (Build Your Own Botnet) version 2.0. The flaw resides in the file_add function within api/files/routes.py and stems from improper handling of a crafted parameter in unauthenticated HTTP requests, enabling path traversal (CWE-22). It carries a CVSS 3.1 score of 9.8.
Unauthenticated remote attackers can send a specially formed request to the endpoint to overwrite arbitrary files on the server, including SQLite databases used for authentication. Successful exploitation grants the ability to bypass login controls and potentially achieve further control over the botnet infrastructure.
Public references include a technical analysis and working exploit code demonstrating unauthenticated remote command execution chains that begin with this file-write primitive. The EPSS score stands at 0.5087 with no material post-disclosure rise indicated.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41394
Vulnerability details
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
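The pathname-validation control above, sketched as an added example for a file-receiving endpoint of the kind described; this is not BYOB's code or its fix, and the function names, the `output` directory and the `users.db` stand-in file are hypothetical. It canonicalises the client-supplied name, checks that the result stays under the upload root, and creates the file exclusively so nothing already on disk can be overwritten.

```python
import os
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """The client-supplied name would resolve outside the upload root."""


def resolve_upload_path(upload_root: str, client_name: str) -> Path:
    """Map an untrusted filename to a path guaranteed to sit inside upload_root."""
    if not client_name or "\x00" in client_name:
        raise UnsafePath(repr(client_name))
    root = Path(upload_root).resolve()
    # Join first, then canonicalise: resolve() collapses ".." and follows symlinks,
    # and an absolute name replaces root entirely, so check the resolved result.
    candidate = (root / client_name).resolve()
    if root not in candidate.parents:
        raise UnsafePath(repr(client_name))
    return candidate


def store_upload(upload_root: str, client_name: str, data: bytes) -> Path:
    dest = resolve_upload_path(upload_root, client_name)
    # O_EXCL refuses to replace an existing file (or follow a symlink at dest),
    # so even an in-root name cannot overwrite data already on disk.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> dict:
    """Constructed inputs: one benign name, three traversal attempts, one repeat."""
    outcome = {}
    with tempfile.TemporaryDirectory() as tmp:
        uploads, db = Path(tmp, "output"), Path(tmp, "users.db")
        uploads.mkdir()
        db.write_bytes(b"original")  # stand-in for an authentication database
        names = ["report.txt", "../users.db", "a/../../users.db", str(db), "report.txt"]
        for name in names:
            try:
                store_upload(str(uploads), name, b"payload")
                result = "stored"
            except (UnsafePath, FileExistsError) as exc:
                result = type(exc).__name__
            outcome.setdefault(name, []).append(result)
        outcome["db_intact"] = db.read_bytes() == b"original"
    return outcome
```

Calling `demo()` returns the per-name outcomes; the containment check is only one layer, and the endpoint still needs authentication in front of it.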