CVE-2024-57968
Published: 03 February 2025
Summary
CVE-2024-57968 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Advantive Veracore. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 enforces approved authorizations for access to system resources like file directories, directly preventing authenticated users from uploading to unintended folders.
SI-10 validates information inputs such as upload paths and filenames, blocking attempts to target unauthorized or browsable directories via upload.aspx.
AC-6 applies least privilege to restrict low-privileged authenticated users from accessing or writing to sensitive browsable folders.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The file upload vulnerability (CVE-2024-57968) in VeraCore's upload.aspx enables remote authenticated users to place arbitrary files, such as webshells, in web-accessible directories, facilitating public-facing application exploitation (T1190), web shell deployment for persistence/execution (T1505.003), and malware staging via upload (T1608.001).
NVD Description
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
Deeper analysisAI
CVE-2024-57968 is a critical vulnerability in Advantive VeraCore versions prior to 2024.4.2.1, where remote authenticated users can upload files to unintended folders, including those accessible during web browsing by other users. This unrestricted file upload flaw, exploitable via the upload.aspx endpoint, is classified as CWE-434 and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting its potential for severe impact.
Low-privileged authenticated attackers can exploit the vulnerability remotely with minimal complexity and no user interaction required. By uploading malicious files to browsable directories, they can achieve high confidentiality, integrity, and availability impacts across a changed scope, potentially enabling code execution, data theft, or further system compromise visible to other users.
Vendor release notes for VeraCore 2024.4.2.1 document the patch addressing this issue. The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog, urging federal agencies to apply mitigations promptly.
Research from Intezer and Solis Security details active exploitation by the XE Group, a threat actor progressing from credit card skimming to zero-day abuses including CVE-2024-57968.
Details
- CWE(s)
- KEV Date Added
- 10 March 2025