Security researchers identified a moderate-severity unauthenticated directory traversal vulnerability (CVE-2024-7928) in FastAdmin that lets attackers traverse the file system and access sensitive data. Upgrading to FastAdmin 1.3.4.20220530 mitigates the risk; a PoC has been published on GitHub, and SonicWall IPS signature 20259 is available to help protect users.
Keypoints
- Vulnerability Identified: CVE-2024-7928, a directory traversal vulnerability in FastAdmin.
- CVSS Score: 5.3, categorized as moderate severity.
- Impact: Allows unauthenticated attackers to access sensitive information by traversing the file system.
- Proof of Concept: Available on GitHub, affecting FastAdmin versions up to 1.3.3.20220121.
- Exploitation Method: Requires a crafted GET request to exploit the vulnerability.
- Remediation: Users should upgrade to FastAdmin version 1.3.4.20220530.
- SonicWall Protections: IPS signature 20259 has been released to protect against this vulnerability.
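Two defender-side checks that follow from the keypoints above, as an added example (not code from FastAdmin, SonicWall or the published PoC): a log scan that flags GET requests carrying directory-traversal sequences, including percent-encoded and double-encoded variants, and a version check against the fixed release. The page does not name the vulnerable endpoint, so the request paths in the constructed sample log use the placeholder `EXAMPLE_ENDPOINT`; only the traversal pattern is real.

```python
"""Defender-side helpers for CVE-2024-7928 (FastAdmin directory traversal).

Added example, not code from FastAdmin, SonicWall or the PoC repository.
EXAMPLE_ENDPOINT and SENSITIVE_FILE are placeholders, not real paths.
"""
import re
from urllib.parse import unquote

# A ".." path segment followed by "/" or end of string, but not the middle
# of a longer dot run such as "..." (avoids that false positive).
_TRAVERSAL = re.compile(r"(?:^|[^.])\.\.(?:/|$)")

def normalise_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and the
    double-encoded %252e%252e%252f both collapse to '../'."""
    path = raw
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")  # treat backslash traversal the same way

def is_traversal_attempt(raw_path: str) -> bool:
    """True when a GET request path contains a directory-traversal sequence."""
    return bool(_TRAVERSAL.search(normalise_path(raw_path)))

# Constructed access-log lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Aug/2024:10:00:01 +0000] "GET /index.php/admin/login HTTP/1.1" 200 512
203.0.113.9 - - [20/Aug/2024:10:00:02 +0000] "GET /EXAMPLE_ENDPOINT?file=../../../../SENSITIVE_FILE HTTP/1.1" 200 1789
203.0.113.9 - - [20/Aug/2024:10:00:03 +0000] "GET /EXAMPLE_ENDPOINT?file=..%252f..%252fSENSITIVE_FILE HTTP/1.1" 200 900
198.51.100.2 - - [20/Aug/2024:10:00:04 +0000] "GET /static/app.css HTTP/1.1" 304 0
"""
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, request_path) for each GET that looks like traversal."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if m and is_traversal_attempt(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

def needs_upgrade(version: str, fixed: str = "1.3.4.20220530") -> bool:
    """True when a dotted FastAdmin version string sorts below the fixed release."""
    return [int(x) for x in version.split(".")] < [int(x) for x in fixed.split(".")]
```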
MITRE Techniques
- [T1210] Exploitation of Remote Services: Exploiting the directory traversal vulnerability to gain unauthorized access to sensitive data. "A crafted GET request to a vulnerable FastAdmin instance is necessary and sufficient to exploit the issue."
- [T1003] Credential Dumping: Using stolen credentials to access and manipulate sensitive information. "Once the exploit is successful, an attacker can use stolen credentials with a MySQL utility tool to access, manipulate, and expose sensitive information."
Indicators of Compromise
- [URL] context: https://nvd.nist.gov/vuln/detail/CVE-2024-7928, https://github.com/bigb0x/CVE-2024-7928