CVE-2024-5421 Scanner
CVE-2024-5421 scanner - Arbitrary File Disclosure vulnerability in SEH utnserver Pro/ProMAX/INU-100
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
URL
Toolbox
-
The SEH utnserver Pro/ProMAX/INU-100 is utilized in various industrial applications to manage and expose data services. Developed for secure file handling, it supports authenticated access to various files and directories. However, due to vulnerabilities, sensitive information can be improperly accessed. Organizations depend on it for reliable data management, but must ensure security. Regular vulnerability checks are crucial for maintaining integrity and confidentiality.
The identified vulnerability allows for arbitrary file disclosure within the SEH utnserver Pro/ProMAX/INU-100. This flaw permits authenticated users to access sensitive files that should be protected. While authentication is required, the vulnerability poses a significant risk of data exposure. It has been publicly disclosed as CVE-2024-5421, highlighting the importance of prompt remediation.
This vulnerability is found in the file handling functions of the SEH utnserver Pro, utnserver ProMAX, and INU-100. Specifically, it is triggered by unauthorized access attempts to the /info/dir?/
endpoint. The vulnerability arises when the server improperly processes requests, allowing sensitive information leakage. The presence of indicators in the response body signifies potential exposure of file system information. As a result, even authenticated users may retrieve data that could compromise security.
If exploited, this vulnerability can lead to significant data exposure, allowing unauthorized access to sensitive files. Malicious users could leverage this access for various nefarious purposes, including data theft and system compromise. Such breaches could result in reputational damage and financial loss for organizations. Additionally, it may violate compliance requirements and lead to legal repercussions.
By becoming a member of the S4E platform, you gain access to advanced vulnerability detection tools tailored to protect your digital assets. Our platform not only identifies vulnerabilities but also provides actionable remediation strategies. You’ll benefit from continuous monitoring, ensuring your systems are secure against evolving threats. Join us to enhance your cybersecurity posture and safeguard your valuable data.
References: