CVE-2024-57785
Published: 16 January 2025
Summary
CVE-2024-57785 is a medium-severity local file inclusion vulnerability in Zenitel AlphaWeb XE, classified as Use of Incorrectly-Resolved Name or Reference (CWE-706). Its CVSS base score is 4.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked in the top 5.1% of CVEs by exploit likelihood and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents local file inclusion by requiring validation of the user-supplied file path handled by the amc_uploads.php component, so that path traversal sequences never reach the file include.
- AC-3 (Access Enforcement): enforces access control policy so that even a high-privilege application user cannot read sensitive local files if an inclusion is attempted; in practice this means the web server account is granted file-system permissions only to the files it actually needs to serve.
- Least-privilege assignment of application roles: limits the assignment of the high privileges (PR:H) required for exploitation, reducing the number of accounts that could exploit the flaw.
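The SI-10 control above amounts to one concrete check: never hand a user-supplied name straight to a file include. The following is an added example, not Zenitel's code and not taken from the advisory; the upload root, the extension allowlist and the sample request names are assumptions constructed for illustration. It rejects the usual local file inclusion payloads (traversal in either slash style, absolute paths, stream wrappers, embedded NUL bytes, disallowed extensions) and finishes with a symlink-resolved containment check, which is the part a naive string filter misses.

```python
# Added illustration of an SI-10 style path check for an upload-serving script.
# Not Zenitel code; upload root, allowlist and sample names are assumptions.
import os
import posixpath
import tempfile

# Hypothetical extension allowlist for files the script is meant to serve.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".wav", ".txt"}


class UnsafePathError(ValueError):
    """Raised when a requested name must not be resolved to a file."""


def resolve_upload(name: str, upload_root: str) -> str:
    """Return an absolute path inside upload_root, or raise UnsafePathError.

    Rejects empty names, NUL bytes, stream wrappers (php://, file://, ...),
    UNC paths, absolute paths, any '..' component, disallowed extensions and
    anything whose real (symlink-resolved) location escapes the upload root.
    """
    if not name or "\x00" in name:
        raise UnsafePathError("empty name or embedded NUL")
    if "://" in name or name.startswith("\\\\"):
        raise UnsafePathError("stream wrapper or UNC path")
    # Normalise to forward slashes so Windows-style traversal is caught too.
    normalised = name.replace("\\", "/")
    if posixpath.isabs(normalised):
        raise UnsafePathError("absolute path")
    parts = [p for p in normalised.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        raise UnsafePathError("directory traversal component")
    ext = posixpath.splitext(parts[-1])[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UnsafePathError(f"extension {ext!r} not allowed")
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Final containment check: catches symlinks inside the root that point out.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError("resolved path escapes upload root")
    return candidate


def classify(names, upload_root):
    """Map each requested name to 'ok' or the rejection reason."""
    results = {}
    for n in names:
        try:
            resolve_upload(n, upload_root)
            results[n] = "ok"
        except UnsafePathError as e:
            results[n] = str(e)
    return results


# Constructed sample requests, including classic LFI payloads.
SAMPLE_NAMES = [
    "photo1.png",
    "2024/notice.txt",
    "../../../../etc/passwd",
    "..\\..\\windows\\win.ini",
    "/etc/passwd",
    "php://filter/convert.base64-encode/resource=index.php",
    "avatar.png\x00.php",
    "shell.php",
]


def demo():
    """Run the check against the samples inside a throwaway upload root."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed symlink inside the root that points outside it.
        os.symlink(os.path.dirname(os.path.realpath(root)),
                   os.path.join(root, "escape"))
        return classify(SAMPLE_NAMES + ["escape/leak.txt"], root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r:60} -> {verdict}")
```

The order of checks matters: the NUL and wrapper tests run on the raw string before any normalisation, and the realpath containment test runs last so that a symlink planted in the upload directory cannot defeat the earlier string checks. The same logic ports directly to PHP (realpath() plus a prefix comparison) or any other language.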
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local file inclusion flaw in a public-facing web application maps to T1190 (Exploit Public-Facing Application); the arbitrary local file reads it grants map to T1005 (Data from Local System), since the attacker collects file contents directly from the host.
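On the detection side, the T1190 mapping translates into watching web server logs for traversal or wrapper payloads aimed at the vulnerable script. The block below is an added example, not part of this page or of any Zenitel tooling; the combined-format log lines are constructed and the IP addresses, timestamps and file names are assumptions. It decodes the query string repeatedly (single and double URL encoding are both common evasions), flags the request when the parameter looks like a local file inclusion attempt, and records the HTTP status so that an analyst can separate blocked attempts from likely successful reads.

```python
# Added example: flag LFI attempts against amc_uploads.php in constructed
# combined-format access log lines. Not from the page or from Zenitel.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx combined format: ip ident user [ts] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
WRAPPER_RE = re.compile(r"^(php|file|data|expect|phar|zip)://", re.IGNORECASE)
ABS_RE = re.compile(r"^(/|[A-Za-z]:[\\/])")


def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding (catches %252e style evasion)."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def suspicious_params(target):
    """Return (param, decoded_value, reason) for LFI-looking query parameters."""
    query = urlsplit(target).query
    findings = []
    for key, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(raw)
        if "\x00" in value:
            findings.append((key, value, "null byte"))
        elif TRAVERSAL_RE.search(value):
            findings.append((key, value, "directory traversal"))
        elif WRAPPER_RE.match(value):
            findings.append((key, value, "stream wrapper"))
        elif ABS_RE.match(value):
            findings.append((key, value, "absolute path"))
    return findings


def detect(lines, script="amc_uploads.php"):
    """Scan log lines; return one alert per request to `script` with LFI payloads."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line, skip rather than crash the scan
        target = m.group("target")
        if not urlsplit(target).path.endswith(script):
            continue
        findings = suspicious_params(target)
        if not findings:
            continue
        status = int(m.group("status"))
        alerts.append({
            "src_ip": m.group("ip"),
            "user": m.group("user"),
            "status": status,
            "likely_success": status == 200,
            "reasons": sorted({reason for _, _, reason in findings}),
            "attack_technique": "T1190",
        })
    return alerts


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - admin [16/Jan/2025:10:01:12 +0000] "GET /amc_uploads.php?file=logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - admin [16/Jan/2025:10:01:40 +0000] "GET /amc_uploads.php?file=../../../../etc/passwd HTTP/1.1" 200 2048',
    '198.51.100.9 - admin [16/Jan/2025:10:02:05 +0000] "GET /amc_uploads.php?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 210',
    '198.51.100.9 - admin [16/Jan/2025:10:02:31 +0000] "GET /amc_uploads.php?file=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 330',
    '192.0.2.44 - - [16/Jan/2025:10:03:00 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 150',
    '203.0.113.7 - admin [16/Jan/2025:10:03:22 +0000] "GET /amc_uploads.php?file=php://filter/convert.base64-encode/resource=config.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Because the flaw requires a high-privilege account (PR:H), the `user` field is worth keeping in the alert: a traversal payload sent under an administrator session is either a compromised credential or an insider, and either way the account should be reviewed alongside the request.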
NVD Description
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.
Deeper analysis
Zenitel AlphaWeb XE version 11.2.3.10 is affected by a local file inclusion vulnerability in the amc_uploads.php component, tracked as CVE-2024-57785 and published on 2025-01-16. The flaw is classified as CWE-706 (Use of Incorrectly-Resolved Name or Reference) and carries a CVSS v3.1 base score of 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N): a medium-severity issue whose impact is confined to confidentiality.
The vulnerability is exploitable over the network with low attack complexity and no user interaction, but the attacker must already hold high privileges on the application (PR:H), that is, a valid high-privilege AlphaWeb account. Successful exploitation lets that attacker read sensitive local files with whatever file-system permissions the web application runs under; integrity and availability are not affected. The PR:H requirement is what keeps the score at medium despite the high confidentiality impact, so the practical risk depends on how widely administrative credentials are held and whether the web interface is reachable from untrusted networks.
Mitigation details are available in the referenced advisory at https://gist.github.com/s4fv4n/56c326450dcb3ab808b5ce8242a11e30.
Details
- CWE(s): CWE-706 (Use of Incorrectly-Resolved Name or Reference)