CVE-2024-41628
published 2024-07-26CVE-2024-41628: Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote…
PriorityP261high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
6.46%
92.9th percentile
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.
Detection & IOCsextracted from sources · hover to see the quote
- →Fingerprint the target by checking the HTTP response body for both 'ClusterControl' and 'CMON_API' strings with content-type text/html and HTTP 200 status before attempting exploitation. ↗
- →The directory traversal payload uses a double leading slash in the traversal path (//etc/passwd) combined with multiple ../ sequences; monitor HTTP GET requests to the CMON API endpoint matching this pattern. ↗
- →Successful exploitation returns /etc/passwd content in the HTTP response body; detect by matching the regex 'root:.*:0:0:' in responses from ClusterControl hosts. ↗
- →Use FOFA icon hash queries to identify exposed ClusterControl instances: icon_hash="160707013" or icon_hash="-1815707560". ↗
- →The vulnerability is unauthenticated (PR:N) and network-reachable (AV:N); no authentication headers are required in the traversal request. ↗
- ·Affected versions are 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780; the traversal path and detection regex are only validated against these builds. ↗
- ·The Nuclei template uses a two-step flow: step 1 fingerprints the host (internal matcher), step 2 fires the traversal payload — single-step detections without fingerprinting may produce false positives. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Cluster Control CMON API - Directory Traversal
nuclei·CVSS 7.5
CVE-2024-41628 [HIGH] Cluster Control CMON API - Directory Traversal
Cluster Control CMON API - Directory Traversal
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.
Template:
id: CVE-2024-41628
info:
name: Cluster Control CMON API - Directory Traversal
author: s4e-io
severity: high
description: |
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.
impact: |
Unauthenticated attackers can exploit directory traversal to read arbitrary files from the Cluster Control server.
remedia
No writeups or analysis indexed.
http://clustercontrol.comhttp://severalnines.comhttps://docs.severalnines.com/docs/clustercontrol/changelogs/changes-in-v1-9-8/#maintenance-release-july-24th-2024https://docs.severalnines.com/docs/clustercontrol/changelogs/changes-in-v2-1-0/https://github.com/Redshift-CyberSecurity/CVE-2024-41628http://clustercontrol.comhttp://severalnines.comhttps://docs.severalnines.com/docs/clustercontrol/changelogs/changes-in-v1-9-8/#maintenance-release-july-24th-2024https://docs.severalnines.com/docs/clustercontrol/changelogs/changes-in-v2-1-0/
2024-07-26
Published