CVE-2024-57784
Published: 16 January 2025
Summary
CVE-2024-57784 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 4.7% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-57784 is a directory traversal vulnerability (CWE-22) residing in the /php/script_uploads.php component of Zenitel AlphaWeb XE version 11.2.3.10. It carries a CVSS 3.1 base score of 5.5 and permits path manipulation that can expose or alter files outside intended directories.
An attacker who already holds high privileges can reach the flaw over the network with low attack complexity and no user interaction. Successful exploitation has a high confidentiality impact and a low integrity impact on the affected system.
The single reference is a public gist that documents the issue but supplies no vendor advisory, patch details, or mitigation guidance. The associated EPSS score has remained flat at 0.1820, with no reported rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53748
Vulnerability details
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directory traversal through the web application component enables arbitrary local file reads (T1005) and supports file and directory enumeration (T1083).
Mitigating Controls (NIST 800-53 r5)
Directly remediates the directory traversal flaw in /php/script_uploads.php through timely patching or code fixes.
SI-10 (Information Input Validation): validates and sanitizes user-supplied file paths in the upload script to block directory traversal sequences such as ../.
AC-3 (Access Enforcement): enforces strict access controls on file system operations within the upload component so that reads cannot escape the intended directory.
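The SI-10 control above, shown as an added example that is not Zenitel's code and not taken from the affected script: an upload handler confines a user-supplied file name to a fixed directory by rejecting any path component, allow-listing characters, and re-checking the canonical path after realpath(). The upload directory, the name parameter and the use of PHP 8 string helpers are assumptions.

```php
<?php
// Added example: confine a user-supplied file name to the upload directory.
// Assumes PHP 8+ (str_contains/str_starts_with) and a hypothetical 'name' parameter.
declare(strict_types=1);

function safe_upload_path(string $baseDir, string $userName): ?string
{
    // Resolve the base directory to an absolute, symlink-free path.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Reject empty names and embedded NUL bytes before any filesystem call.
    if ($userName === '' || str_contains($userName, "\0")) {
        return null;
    }
    // Any directory component (../, /, nested paths) changes basename(): reject it.
    if (basename($userName) !== $userName) {
        return null;
    }
    // Allow-list characters instead of stripping "../"; also refuse dot-files such as "..".
    if (!preg_match('/^[A-Za-z0-9._-]{1,128}$/', $userName) || str_starts_with($userName, '.')) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $userName;
    // If the target already exists (possibly as a symlink), confirm its canonical
    // location is still inside $base; a new file has no realpath yet and is accepted.
    $resolved = realpath($candidate);
    if ($resolved !== false && !str_starts_with($resolved, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $candidate;
}

// Constructed inputs illustrating accepted and rejected names.
$uploads = sys_get_temp_dir();                      // assumed upload directory
var_dump(safe_upload_path($uploads, 'report.txt'));      // string: path inside $uploads
var_dump(safe_upload_path($uploads, '../../etc/passwd')); // NULL: contains a path component
var_dump(safe_upload_path($uploads, "..\\..\\config.php")); // NULL: backslash not allow-listed
var_dump(safe_upload_path($uploads, "file\0.php"));      // NULL: embedded NUL byte
var_dump(safe_upload_path($uploads, '.htaccess'));       // NULL: dot-file
```

Pair this with AC-3 by running the web server under an account whose file permissions stop it from reading outside the upload directory, so a bypass of the validation still cannot reach system files.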