CVE-2024-6049
published 2024-10-24CVE-2024-6049: The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP…
PriorityP263high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
4.32%
90.0th percentile
The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only possible if the requested file has some file extension, e. g. .exe or .txt.
Detection & IOCsextracted from sources · hover to see the quote
sigma↗
HTTP GET request path containing '...' (triple dot) segments targeting file extensions (e.g. .ini, .exe, .txt)
- →Detect unauthenticated HTTP GET requests containing triple-dot ('...') path segments in the URI, which are characteristic of this path traversal exploit against Lawo vTimeSync web server. ↗
- →Confirm exploitation by checking HTTP 200 response body for Windows/win.ini markers: 'bit app support', 'fonts', and 'extensions'. ↗
- →Fingerprint the target as a Lawo vTimeSync web server by checking the response body for the strings 'vTimeSync' and 'Lawo' before attempting traversal detection. ↗
- →Exploitation is only possible when the requested file has a file extension (e.g. .exe, .txt, .ini); filter/alert on traversal paths that include a file extension. ↗
- ·The path traversal uses '...' (triple dot) segments, not the standard '../' double-dot sequences. WAF/IDS rules tuned only for '../' traversal patterns will NOT detect this attack. ↗
- ·Exploitation requires the target file to have a file extension; requests for extension-less files will not succeed, which limits the scope of detectable payloads. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
nuclei·CVSS 7.5
CVE-2024-6049 [HIGH] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only possible if the requested file has some file extension, e. g. .exe or .txt.
Template:
id: CVE-2024-6049
info:
name: Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
author: s4e-io
severity: high
description: |
The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitr
No writeups or analysis indexed.
2024-10-24
Published