PT-2025-16806 · Lrqa Nettitude · Lrqa Nettitude Poshc2

Published: 2025-04-16 · Updated: 2025-04-20 · CVE-2024-53303

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LRQA Nettitude PoshC2 versions after commit 123db87

Description: A remote code execution issue exists in the upload file function, allowing authenticated attackers to execute arbitrary code via a crafted POST request to the API endpoint. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations: For versions after commit 123db87, consider disabling the upload file function until a patch is available to prevent exploitation. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution. Avoid using the vulnerable upload file function in the affected API endpoint until the issue is resolved.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-53303

Affected Products

Lrqa Nettitude Poshc2