Cyber Resilience

CVE-2024-57785

Medium

Published: 16 January 2025

Published
16 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.2058 95.7th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57785 is a medium-severity Use of Incorrectly-Resolved Name or Reference (CWE-706) vulnerability. Its CVSS base score is 4.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

Zenitel AlphaWeb XE version 11.2.3.10 contains a local file inclusion vulnerability in the amc_uploads.php component, tracked as CVE-2024-57785. The flaw is rated 4.9 under CVSS 3.1 with a vector of AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N and is associated with CWE-706, indicating improper handling of file paths that can expose sensitive local resources.

An authenticated administrator with network access can supply crafted input to the affected component and retrieve arbitrary files from the underlying system, resulting in disclosure of confidential data without affecting integrity or availability. The EPSS score has remained flat at 0.2058 with no observed rise after disclosure.

A public gist provides technical details on the issue, though no vendor advisory or patch information is referenced in available sources.

EU & UK References

Vulnerability details

Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

LFI in public-facing web app directly enables T1190 exploitation and arbitrary local file reads for T1005 data collection.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40912Shared CWE-706
CVE-2025-24813Shared CWE-706
CVE-2025-65474Shared CWE-706
CVE-2026-35666Shared CWE-706
CVE-2026-25890Shared CWE-706
CVE-2026-30856Shared CWE-706
CVE-2026-35039Shared CWE-706

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents local file inclusion by requiring validation of user-supplied file paths in the amc_uploads.php component to block path traversal attacks.

prevent

Enforces access control policies to restrict high-privilege users from reading sensitive local files even if inclusion is attempted.

prevent

Limits the assignment of high privileges required for exploitation, reducing the attack surface for this PR:H vulnerability.

References