CVE-2024-56829
Published: 02 January 2025
Summary
CVE-2024-56829 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 25.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-56829 is a critical arbitrary file upload vulnerability in Huang Yaoshi Pharmaceutical Management Software through version 16.0. It is triggered by a .asp filename supplied in the fileName element of the UploadFile element of a SOAP request to the /XSDService.asmx endpoint. Classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), it carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H): a network attack vector, low attack complexity, no privileges or user interaction required, a changed scope, and high confidentiality, integrity, and availability impact.
Unauthenticated remote attackers can exploit this flaw by sending a SOAP request to /XSDService.asmx whose fileName element names a .asp file. Because the upload is unrestricted, server-executable content such as an ASP web shell can be written to the server and then executed, yielding remote code execution (RCE). With RCE, an attacker has full control of the host, which facilitates data theft, persistence, privilege escalation, or pivoting to other network assets.
The provided references link to GitHub documentation in a repository by Zerone0x00, which details the exploitation steps for the arbitrary file upload but does not include vendor advisories, patches, or explicit mitigation guidance. Practitioners should immediately restrict or block inbound traffic to /XSDService.asmx, monitor for suspicious SOAP requests, upgrade to a patched version if available from the vendor, and conduct forensic reviews on exposed instances.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53440
Vulnerability details
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file upload to a public SOAP endpoint directly enables web shell deployment and RCE, which maps to T1190 (Exploit Public-Facing Application) and T1505.003 (Server Software Component: Web Shell).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents arbitrary file uploads by validating the fileName element in SOAP UploadFile requests and rejecting dangerous types such as .asp.
- SC-7 (Boundary Protection): Mitigates unauthenticated remote exploitation by monitoring and controlling communications to the vulnerable /XSDService.asmx endpoint.
- Flaw remediation: Removes the root cause in Huang Yaoshi Pharmaceutical Management Software through timely patching or updates that eliminate unrestricted file uploads.
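The following is an added example, not code from the CVE record, the vendor, or the referenced GitHub repository. It illustrates the two controls above (SI-10 input validation on the fileName element of a SOAP UploadFile request, and SC-7 monitoring of traffic to /XSDService.asmx) as a defender would implement them in front of the endpoint: a basename and extension allowlist that rejects server-executable names such as .asp wherever they appear in the filename, and a log scan that flags POSTs to the endpoint from outside trusted networks. The element names and the endpoint path come from the advisory; the XML namespace URI, the allowlist, the trusted network range, and the log lines are constructed assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Extensions the application is assumed to legitimately accept.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".csv", ".xlsx"}
# Server-executable extensions that must not appear anywhere in the name,
# so a double extension such as "shell.asp.jpg" is rejected as well.
DANGEROUS_EXTENSIONS = {".asp", ".aspx", ".asa", ".ashx", ".asmx", ".cer",
                        ".config", ".exe", ".dll", ".ps1", ".bat"}
# A plain basename: no path separators, no ':' (NTFS alternate streams),
# no ';', no control characters, no leading dot, bounded length.
SAFE_BASENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,199}$")
# Networks from which SOAP uploads are expected (assumed).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def _local(tag):
    """Strip an XML namespace prefix: '{urn:x}fileName' -> 'fileName'."""
    return tag.rsplit("}", 1)[-1]


def extract_upload_filename(soap_envelope):
    """Return the text of the fileName element inside UploadFile, or None."""
    # Untrusted XML in production should be parsed with defusedxml instead.
    root = ET.fromstring(soap_envelope)
    for node in root.iter():
        if _local(node.tag) == "UploadFile":
            for child in node.iter():
                if _local(child.tag) == "fileName":
                    return (child.text or "").strip()
    return None


def is_safe_upload_name(name):
    """Allowlist check on an upload filename (SI-10)."""
    if not name or not SAFE_BASENAME.match(name):
        return False
    parts = name.lower().split(".")
    if len(parts) < 2 or "" in parts:
        return False  # no extension, or an empty component such as "a..b"
    if {"." + p for p in parts[1:]} & DANGEROUS_EXTENSIONS:
        return False
    return "." + parts[-1] in ALLOWED_EXTENSIONS


def accept_soap_upload(soap_envelope):
    """True only when the request carries a fileName that passes the allowlist."""
    try:
        name = extract_upload_filename(soap_envelope)
    except ET.ParseError:
        return False
    return is_safe_upload_name(name)


def flag_external_soap_posts(log_text, endpoint="/XSDService.asmx"):
    """Return (timestamp, client_ip, status) for POSTs to the endpoint that
    originate outside TRUSTED_NETWORKS (SC-7 monitoring)."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        date, time, method, uri, client, status = fields
        if method != "POST" or uri.lower() != endpoint.lower():
            continue
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue
        if any(ip in net for net in TRUSTED_NETWORKS):
            continue
        hits.append((f"{date} {time}", client, status))
    return hits


# Constructed SOAP request using the element names from the advisory; the
# namespace URI is a placeholder.
SAMPLE_REQUEST = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <UploadFile xmlns="http://example.invalid/xsdservice">
      <fileName>{name}</fileName>
      <fileData>QUFBQQ==</fileData>
    </UploadFile>
  </soap:Body>
</soap:Envelope>"""

# Constructed, simplified IIS-style log lines:
# date time method uri-stem client-ip status
SAMPLE_LOG = """\
2025-01-02 10:00:01 POST /XSDService.asmx 203.0.113.7 200
2025-01-02 10:00:05 GET /default.aspx 203.0.113.7 200
2025-01-02 10:01:10 POST /XSDService.asmx 10.20.30.40 200
2025-01-02 10:02:33 POST /XSDService.asmx 198.51.100.23 500
"""

if __name__ == "__main__":
    for candidate in ("report.pdf", "shell.asp", "shell.asp.jpg"):
        print(candidate, accept_soap_upload(SAMPLE_REQUEST.format(name=candidate)))
    for hit in flag_external_soap_posts(SAMPLE_LOG):
        print("external POST to upload endpoint:", hit)
```

The allowlist deliberately checks every dot-separated component rather than only the final suffix, and rejects anything that is not a plain basename, so path traversal, alternate data stream syntax and double extensions all fail the same check. The log scan is a coarse SC-7 signal: a POST to the endpoint from an untrusted network is worth an alert on its own, since the advisory states no authentication is needed.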