CVE-2024-57968
published 2025-02-03

Priority: P186, high
CVSS 3.1: 8.8 (AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
KEV: CISA Known Exploited Vulnerability, due 2025-03-31
ITW: Exploited in the wild
EPSS: 30.34% (98.0th percentile)
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantive | veracore | < 2024.4.2.1 | 2024.4.2.1 |

Detection & IOCs (extracted from sources)

path: upload.aspx
  • Monitor for HTTP requests targeting upload.aspx on VeraCore instances, particularly from authenticated sessions attempting to write files to unexpected or web-accessible directories outside of normal upload paths.
  • CISA notes the vulnerability may also be exploitable by unauthenticated attackers — monitor for unauthenticated POST requests to upload.aspx as well as authenticated ones.
  • NVD describes the vulnerability as requiring authentication ('remote authenticated users'), while CISA's KEV catalog describes it as exploitable by 'remote unauthenticated' attackers; detection logic should cover both authenticated and unauthenticated access to upload.aspx.
  • Affected versions are Advantive VeraCore before 2024.4.2.1; ensure version-based detection or alerting targets only unpatched instances.
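
A sketch of the monitoring described above, as an added example that is not from the advisory sources or the vendor: it scans web server logs for POST requests to upload.aspx and tags each by whether the log records a user identity. It assumes IIS W3C extended logs with the fields shown; the sample lines are constructed, and `cs-username` may stay `-` for application-level logins, so treat "anonymous" as "no identity in the log".

```python
from collections import Counter
from pathlib import PurePosixPath

TARGET = "upload.aspx"  # path named in the advisory

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2025-01-10 09:00:01 GET /app/home.aspx alice 198.51.100.7 200
2025-01-10 09:00:05 POST /app/upload.aspx alice 198.51.100.7 200
2025-01-10 09:02:11 POST /app/Upload.aspx - 203.0.113.9 200
2025-01-10 09:02:40 GET /app/upload.aspx - 203.0.113.9 302
2025-01-10 09:03:02 POST /app/upload.aspx - 203.0.113.9 500
"""

def parse_w3c(text):
    """Yield one dict per request, honouring each #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def find_upload_requests(text):
    """Return upload.aspx POSTs tagged by whether the log shows an identity."""
    hits = []
    for row in parse_w3c(text):
        # Match the file name case-insensitively, wherever the app is rooted.
        if PurePosixPath(row.get("cs-uri-stem", "")).name.lower() != TARGET:
            continue
        if row.get("cs-method", "").upper() != "POST":
            continue
        # Assumption: '-' in cs-username means the server logged no user.
        auth = "anonymous" if row.get("cs-username", "-") == "-" else "identified"
        hits.append({"time": f"{row.get('date')} {row.get('time')}",
                     "ip": row.get("c-ip"), "auth": auth,
                     "status": int(row.get("sc-status", 0))})
    return hits

def summarize(hits):
    """Count hits per (auth state, client IP) for triage."""
    return Counter((h["auth"], h["ip"]) for h in hits)

if __name__ == "__main__":
    for hit in find_upload_requests(SAMPLE_LOG):
        print(hit)
```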

CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | 9.9 | CRITICAL | |
| cisa | 8.8 | HIGH | |