CVE-2024-57968
published 2025-02-03
CVE-2024-57968: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web…
Priority P186 · high · 8.8 (CVSS 3.1)
CISA Known Exploited Vulnerability · due 2025-03-31
Exploited in the wild
EPSS: 30.34% (98.0th percentile)
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantive | veracore | < 2024.4.2.1 | 2024.4.2.1 |
Detection & IOCs (extracted from sources)
- Monitor for HTTP requests targeting upload.aspx on VeraCore instances, particularly from authenticated sessions attempting to write files to unexpected or web-accessible directories outside of normal upload paths.
- CISA notes the vulnerability may also be exploitable by unauthenticated attackers; monitor for unauthenticated POST requests to upload.aspx as well as authenticated ones.
- NVD describes the vulnerability as requiring authentication ('remote authenticated users'), while CISA's KEV catalog describes it as exploitable by 'remote unauthenticated' attackers; detection logic should cover both authenticated and unauthenticated access to upload.aspx.
- Affected versions are Advantive VeraCore before 2024.4.2.1; ensure version-based detection or alerting targets only unpatched instances.
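CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 9.9 | CRITICAL | |
| cisa | | 8.8 | HIGH | |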
GHSA
GHSA-gx78-3r6j-qx7f: Advantive VeraCore before 2024
ghsa_unreviewed·2025-02-03
CVE-2024-57968 [CRITICAL] CWE-434 GHSA-gx78-3r6j-qx7f: Advantive VeraCore before 2024
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
VulnCheck
Advantive VeraCore Unrestricted File Upload Vulnerability
vulncheck·2024·CVSS 9.9
CVE-2024-57968 [CRITICAL] CWE-434 Advantive VeraCore Unrestricted File Upload Vulnerability
Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.aspx.
Affected: Advantive VeraCore
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://intezer.com/blog/research/xe-group-exploiting-zero-days/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025
Remediation Due: 2025-03-31
CISA
Advantive VeraCore Unrestricted File Upload Vulnerability
cisa·2025-03-10·CVSS 8.8
CVE-2024-57968 [HIGH] CWE-434 Advantive VeraCore Unrestricted File Upload Vulnerability
Vulnerability: Advantive VeraCore Unrestricted File Upload Vulnerability
Affected: Advantive VeraCore
Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.aspx.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1 ; https://nvd.nist.gov/vuln/detail/CVE-2024-57968
Remediation Due Date: 2025-03-31
No detection rules found.
No public exploits indexed.
https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1
https://intezer.com/blog/research/xe-group-exploiting-zero-days/
https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57968
2025-02-03: Published
2025-03-10: Added to CISA KEV
Exploited in the wild