CVE-2024-5580
Published: 22 November 2024
Summary
CVE-2024-5580 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Alltena Allegra. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 9.3% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
Allegra contains a deserialization of untrusted data vulnerability in the loadFieldMatch method that permits remote code execution. The flaw stems from insufficient validation of user-supplied input, which allows an attacker to supply a malicious serialized object to that method. On affected installations the vulnerable code runs in the context of the LOCAL SERVICE account, so code executed through the flaw inherits that account's privileges. The issue is tracked as ZDI-CAN-23452 and carries a CVSS 3.0 base score of 7.2.
An authenticated remote attacker can exploit the weakness to execute arbitrary code on the target system. Because the vulnerability requires high privileges, the attacker must already possess valid credentials with administrative access to the Allegra instance. Successful exploitation grants full control over the application process without user interaction.
The vendor addressed the issue in Allegra 7.5.2, as noted in the corresponding release notes, and the Zero Day Initiative published advisory ZDI-24-1163 detailing the flaw. Exploitation probability rose from a low baseline to a peak EPSS score of 0.1098 on 2025-12-11 before receding to the current value of 0.0575, indicating a temporary increase in observed interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47121
Vulnerability details
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23452.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing: supplying malformed or malicious serialized objects during testing detects unsafe deserialization so it can be corrected before an attacker finds it.
- Deserialization testing: evaluating how the application handles untrusted serialized input reveals unsafe processing, which then goes through the required remediation process.
- Sandboxing: untrusted serialized data is deserialized and observed inside an isolated environment, so a gadget chain cannot take effect outside the sandbox.
- Input validation: untrusted serialized data is validated or rejected before deserialization occurs.
- Boundary inspection: malicious code introduced through deserialization of untrusted data is identified and blocked at system boundaries.
- Integrity verification: checking the integrity of serialized data (for example with a signature or MAC) detects tampering before deserialization occurs.
- Data provenance: tracking the origin of serialized data allows untrusted sources to be detected before deserialization or processing occurs.