CVE-2019-14251
published 2019-12-09CVE-2019-14251: An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully…
PriorityP277high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
7.85%
94.0th percentile
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| temenos | t24 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP GET requests to /WealthT24/GetImage with 'docDownloadPath' or 'uploadLocation' query parameters containing path traversal sequences (e.g., /etc/passwd, c:/windows/win.ini) — these indicate active LFI exploitation attempts against TEMENOS T24. ↗
- →The vulnerability is exploitable without authentication (unauthenticated LFI); alert on any unauthenticated requests to /WealthT24/GetImage regardless of session state. ↗
- →A successful exploitation response (HTTP 200) containing Unix passwd file content (root:.*:0:0:) or Windows win.ini content ('for 16-bit app support') confirms active exploitation.
- ·The vulnerable endpoint and parameters are specific to TEMENOS T24 version R15.01; confirm the affected version before deploying detections to avoid false positives on other versions. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ch35-w937-rw95: An issue was discovered in T24 in TEMENOS Channels R15
ghsa_unreviewed·2022-05-24
CVE-2019-14251 [MEDIUM] GHSA-ch35-w937-rw95: An issue was discovered in T24 in TEMENOS Channels R15
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.
VulnCheck
temenos t24 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2019·CVSS 7.5
CVE-2019-14251 [HIGH] temenos t24 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
temenos t24 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.
Affected: temenos t24
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=20
No detection rules found.
Nuclei
T24 Web Server - Local File Inclusion
nuclei·CVSS 7.5
CVE-2019-14251 [HIGH] T24 Web Server - Local File Inclusion
T24 Web Server - Local File Inclusion
T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
Template:
id: CVE-2019-14251
info:
name: T24 Web Server - Local File Inclusion
author: 0x_Akoko
severity: high
description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the T24 Web Server.
reference:
- https://github.com/kmkz/exp
No writeups or analysis indexed.
2019-12-09
Published
Exploited in the wild