External risk intelligence

Stimulsoft Dashboard.JS Directory Traversal Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2024-24398

Stimulsoft Dashboards are web-based reporting and analytics components typically integrated into web applications. As web applications are commonly deployed as internet-facing services to provide dashboards to external users, this component is likely to be reachable from the internet.

Path Traversal

Stimulsoft Dashboards Php

before 2024.1.2

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A directory traversal vulnerability has been identified in Stimulsoft Dashboard.JS, a technology used for reporting and analytics. This flaw could allow a remote attacker to execute arbitrary code by sending a specially crafted request. The main concern is to confirm if this specific technology is in use and if it is exposed externally.

  • Issue: Code execution through a file path vulnerability.
  • Remember: Affects web-based reporting and analytics components.
  • Takeaway: Confirm relevance and external exposure of this technology.

Attack Path

How an attacker could exploit the issue

An attacker could exploit a directory traversal vulnerability in Stimulsoft Dashboards.JS by sending a specially crafted payload to the `fileName` parameter. This allows the attacker to execute arbitrary code on the server.

  • No authentication required.
  • Triggered via the `fileName` parameter in the Save function.
  • Enables arbitrary code execution.

Live Threat

Current exploitation, exposure, and threat context

A directory traversal vulnerability in Stimulsoft Dashboard.JS, when exposed to a network, could allow an unauthenticated remote attacker to execute arbitrary code by manipulating the `fileName` parameter in the `Save` function. This could impact the confidentiality, integrity, and availability of the affected system.

  • System files could be accessed or overwritten.
  • A crafted request could exploit the vulnerability.
  • Arbitrary code execution may occur.

Operational Fix

Recommended remediation, mitigation, and detection steps

The vendor-specific nature of this vulnerability suggests that the application or platform team responsible for integrating Stimulsoft Dashboards.JS is the primary owner. The first actionable step is to identify all instances of this technology, assess their reachability and business criticality, and then confirm the specific accountable owner before proceeding with remediation planning.

  • Application or platform owners.
  • Verify instance reachability and criticality.
  • Coordinate vendor fix or workaround.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Stimulsoft Dashboards.PHP?

Stimulsoft Dashboards.PHP is a web-based reporting and analytics component. Developers integrate this technology into their web applications to enable data visualization and interactive dashboards for end users. It handles data processing tasks, including file operations, which allows the software to generate and save reports within the application environment.

How does CVE-2024-24398 create a security risk?

This vulnerability is classified as CWE-22, known as Improper Limitation of a Pathname to a Restricted Directory, or directory traversal. It means the software does not properly sanitize user input, allowing an attacker to navigate outside the intended folder. In this case, manipulating the file path can lead to arbitrary code execution, giving an attacker the ability to run unauthorized commands on the server.

Do I need to be authenticated to trigger this flaw?

No, this vulnerability does not require authentication. An attacker can initiate the attack remotely by sending a specifically crafted payload directly to the 'fileName' parameter used by the Save function. The vulnerability is triggered by these malformed requests; it is not triggered by standard, legitimate interactions with the dashboard's normal reporting features.

Is my system relevant for this CVE?

Halo Surface Signal indicates that because Stimulsoft components are often used in web-facing applications, they are likely reachable from the internet. If you use this technology in an application accessible to external users, your system is at higher risk. You should determine if your specific web instance is exposed to the internet or if it is restricted to internal network segments.

How do I respond to this threat?

First, locate where Stimulsoft Dashboards.PHP is integrated within your infrastructure. Once you have identified all instances, assess whether these components are internet-facing and determine the business impact if they were compromised. Finally, coordinate with the team that manages the application to verify if your current version is affected and plan to apply the vendor-provided security updates to mitigate the risk.

References