Remote Access to Files and Directories through Anonymous Login Vulnerability in ProjectDiscovery Interactsh
CVE-2024-5262

9.8CRITICAL

Key Information:

Vendor: Projectdiscovery
Status: Interactsh
Vendor: CVE Published:; 5 June 2024

🔔 Create Projectdiscovery Vulnerability Alert

What is CVE-2024-5262?

A vulnerability has been identified in the SMB server of ProjectDiscovery's Interactsh, which allows remote attackers to gain unauthorized read and write access to files and directories. This issue arises from the exposure of files within the directory and its subdirectories, enabling potential manipulation without proper authentication via anonymous login. Administrators using Interactsh should immediately review their configurations and apply necessary security measures to mitigate these risks.

Affected Version(s)

Interactsh v0.0.6

References

https://zuso.ai/advisory/za-2024-01

third-party-advisory

https://github.com/projectdiscovery/interactsh/pull/874

patch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024
Vulnerability Reserved
May 23, 2024

JSON