CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 03, 2025
Published Date: February 03, 2025
Last Updated: March 14, 2025
Vendor: Advantive
Product: VeraCore
Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
Tags

CVSS Scores

CVSS v3.1

9.9 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-03-10 00:00:00 UTC) Source

References

https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1 https://intezer.com/blog/research/xe-group-exploiting-zero-days/ https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-03-10 00:00:00 UTC

Timeline

CVE ID Reserved

February 03, 2025
CVE Published to Public

February 03, 2025
Added to KEVIntel

March 10, 2025