1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Advantive VeraCore Unrestricted File Upload Vulnerability

Known Exploited Vulnerabilities CVE-2024-57968

Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability exploitation_technique T1078 Valid Accounts
Comments
Advantive VeraCore versions prior to 2024.4.2.1 contain an unrestricted file upload flaw that can lead to remote code execution and full system compromise. This attack requires valid credentials for VeraCore.
References
  1. https://intezer.com/blog/xe-group-exploiting-zero-days/
CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
Advantive VeraCore versions prior to 2024.4.2.1 contain an unrestricted file upload flaw that can lead to remote code execution and full system compromise. This attack requires valid credentials for VeraCore.
References
  1. https://intezer.com/blog/xe-group-exploiting-zero-days/