CVE-2024-48760
Published: 14 January 2025
Summary
CVE-2024-48760 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in GestioIP. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 6.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly prevents unrestricted upload of dangerous CGI files by validating file types, names, and content at the upload function to block malicious perlcmd.cgi overwrites.
- Enforces restrictions on file uploads at the application boundary to prohibit executable CGI scripts and other dangerous types that enable file overwrites and RCE.
- Deploys malicious code protection at system entry points to scan and block uploaded perlcmd.cgi files before they can overwrite upload.cgi and execute arbitrary commands.
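An added example (not GestioIP's own code) of the input-validation check the SI-10 control above calls for, written in Python: it refuses executable types, path components and names that collide with an existing script, and keeps accepted files out of the script directory. The upload directory, allowlist and the set of existing scripts are constructed assumptions.

```python
"""Upload-name validation for a CGI upload handler (added example, not GestioIP code).

Models the SI-10 check an upload function needs so that a client-chosen name
such as perlcmd.cgi can never be written over an existing script like upload.cgi.
"""
import os
import re
from pathlib import Path

# Constructed layout (assumption, not a real GestioIP path): accepted uploads
# land only in UPLOAD_DIR, a data directory separate from the cgi-bin directory.
UPLOAD_DIR = Path("/var/lib/app/uploads")

ALLOWED_EXTENSIONS = {".csv", ".txt"}              # constructed allowlist
EXECUTABLE_EXTENSIONS = {".cgi", ".pl", ".php", ".sh", ".py"}
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")  # no leading dot


def validate_upload_name(client_name: str, existing_scripts: set[str]) -> tuple[bool, str]:
    """Return (accepted, reason). existing_scripts is the set of file names
    already present in the cgi-bin directory, injected so the check runs offline."""
    # 1. Refuse any directory component (../, absolute paths, backslashes).
    base = os.path.basename(client_name.replace("\\", "/"))
    if base != client_name or not base:
        return False, "path component in file name"
    # 2. Conservative character set and bounded length.
    if not _SAFE_NAME.match(base):
        return False, "disallowed characters in file name"
    ext = Path(base).suffix.lower()
    # 3. Never accept a type the web server could execute (last suffix decides).
    if ext in EXECUTABLE_EXTENSIONS:
        return False, f"executable type {ext} refused"
    # 4. Positive allowlist of what the upload function actually needs.
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"type {ext or '<none>'} not in allowlist"
    # 5. Never overwrite an existing script, whatever the extension says.
    if base in existing_scripts:
        return False, "name collides with an existing CGI script"
    return True, "ok"


def destination_for(base: str) -> Path:
    """Accepted uploads always resolve under UPLOAD_DIR, never under cgi-bin."""
    dest = (UPLOAD_DIR / base).resolve()
    if UPLOAD_DIR.resolve() not in dest.parents:
        raise ValueError("destination escaped the upload directory")
    return dest
```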
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The file upload vulnerability in the GestioIP web application lets a remote attacker overwrite a legitimate CGI script (upload.cgi) with a malicious perlcmd.cgi and execute arbitrary code. That behaviour corresponds to exploitation of a public-facing application, web shell deployment, and compromise of a host software binary.
NVD Description
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
Deeper analysis
CVE-2024-48760 is a critical vulnerability affecting GestioIP version 3.5.7, an IP address management tool. The flaw resides in the file upload function, where a remote attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, leading to arbitrary code execution. It has been assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
The vulnerability can be exploited by any remote, unauthenticated attacker with network access to the affected GestioIP instance, requiring low complexity and no user interaction. Successful exploitation grants the attacker remote command execution on the server, potentially allowing full compromise including high confidentiality, integrity, and availability impacts.
References include the official GestioIP website at http://www.gestioip.net/index.html, a GitHub repository detailing the CVE at https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760, and a Docker Compose setup for GestioIP at https://github.com/muebel/gestioip-docker-compose, which security practitioners should review for additional context or potential patches.
Details
- CWE(s)