CVE-2024-57968

Name of the Vulnerable Software and Affected Versions Advantive VeraCore versions prior to 2024.4.2.1

Description The issue allows remote authenticated users to upload files to unintended folders, such as those accessible during web browsing by other users. The "upload.aspx" endpoint can be used for this purpose. The XE Group has been exploiting this issue to target supply chains, dropping reverse shells, exfiltrating files, and modifying data. This exploit has been used in real-world attacks, with the group shifting from credit card data theft to more sophisticated supply chain attacks.

Recommendations For Advantive VeraCore versions prior to 2024.4.2.1, consider disabling the upload feature from the application as a temporary workaround until a patch is available. Restrict access to the "upload.aspx" endpoint to minimize the risk of exploitation. Additionally, removing the upload feature from the application can help mitigate the risk, as seen in the temporary fix released for on-prem customers.