Ransomware Attacks via Malicious File Uploads
CVE-2024-7694

7.2HIGH

Key Information:

Vendor: Teamt5
Status: Threatsonar Anti-ransomware
Vendor: CVE Published:; 12 August 2024

Summary

An issue has been identified in ThreatSonar Anti-Ransomware by TeamT5 where the application fails to adequately validate the content of files uploaded by users. This can enable remote attackers, who possess administrator privileges on the product’s platform, to submit malicious files. The incorporation of such files can lead to the execution of arbitrary commands on the server, thereby putting the integrity and security of the system at significant risk.

Affected Version(s)

ThreatSonar Anti-Ransomware 0 <= 3.4.5

References

https://www.twcert.org.tw/tw/cp-132-7998-d76dd-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Aug 12, 2024

Collectors

NVD DatabaseMitre Database