PT-2024-29635 · Veertu · Veertu Anka Build

Kpc

Published

2024-10-03

Updated

2024-12-18

CVE-2024-41922

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Veertu Anka Build version 1.42.0

Description A directory traversal vulnerability exists in the log files download functionality. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Recommendations For Veertu Anka Build version 1.42.0, consider disabling the log files download functionality until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. Avoid using the log files download feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-41922

Affected Products

Veertu Anka Build

PT-2024-29635 · Veertu · Veertu Anka Build

CVE-2024-41922

Weakness Enumeration

Related Identifiers

Affected Products

References · 10