CVE-2024-9985

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ragic:enterprise_cloud_database:*:*:*:*:*:*:*:*

History

16 Oct 2024, 22:02

Type	Values Removed	Values Added
Summary		(es) Enterprise Cloud Database de Ragic no valida correctamente el tipo de archivo para las cargas. Los atacantes con privilegios normales pueden cargar un webshell y usarlo para ejecutar código arbitrario en el servidor remoto.
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : 9.8
References	~~() https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html -~~	() https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html - Third Party Advisory
References	~~() https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html - Third Party Advisory
CPE		cpe:2.3:a:ragic:enterprise_cloud_database::::::::
First Time		Ragic enterprise Cloud Database Ragic

15 Oct 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-15 09:15

Updated : 2024-10-16 22:02

NVD link : CVE-2024-9985

Mitre link : CVE-2024-9985

CVE.ORG link : CVE-2024-9985

JSON object : View

Products Affected

ragic

enterprise_cloud_database

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-9985", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2024-10-15T09:15:04.693", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server."}, {"lang": "es", "value": "Enterprise Cloud Database de Ragic no valida correctamente el tipo de archivo para las cargas. Los atacantes con privilegios normales pueden cargar un webshell y usarlo para ejecutar c\u00f3digo arbitrario en el servidor remoto."}], "lastModified": "2024-10-16T22:02:08.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ragic:enterprise_cloud_database:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "123DB9B3-4CC2-4700-B34E-B6BC405B33A6", "versionEndExcluding": "2024-08-08"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}