CVE-2020-24102
📋 TL;DR
CVE-2020-24102 is a directory traversal vulnerability in Punkbuster's pbsv.d64 component that allows remote attackers to read arbitrary files and potentially execute arbitrary code. This affects Punkbuster version 2.351 running on game servers. Attackers can exploit this to compromise game servers and potentially pivot to other systems.
💻 Affected Systems
- Punkbuster Anti-Cheat System
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full server compromise, data theft, and lateral movement to other systems in the network.
Likely Case
Arbitrary file read leading to credential harvesting, configuration disclosure, and potential privilege escalation.
If Mitigated
Limited impact with proper network segmentation, file system permissions, and monitoring in place.
🎯 Exploit Status
The vulnerability is well-documented with public proof-of-concept showing directory traversal exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.352 or later
Vendor Advisory: https://www.evenbalance.com/
Restart Required: Yes
Instructions:
1. Download the latest Punkbuster update from the Even Balance website.
2. Stop the game server.
3. Apply the update to the Punkbuster installation.
4. Restart the game server.
🔧 Temporary Workarounds
Network Segmentation
Platform: all. Restrict access to Punkbuster ports from untrusted networks.
File System Restrictions
Platform: linux. Apply strict file permissions to limit what Punkbuster can access.
chmod 750 /path/to/punkbuster
chown root:root /path/to/punkbuster
🧯 If You Can't Patch
- Implement strict network access controls to limit who can connect to Punkbuster services
- Deploy application-level firewalls to detect and block directory traversal attempts
🔍 How to Verify
Check if Vulnerable:
Check the Punkbuster version. On Linux: grep -i version /path/to/pb/pbsv.log. On Windows: check the Punkbuster folder properties.
Check Version:
Linux: grep -i version /path/to/pb/pbsv.log. Windows: Check file properties of pbsv.exe.
Verify Fix Applied:
Verify version is 2.352 or higher using same commands as above.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in Punkbuster logs
- Multiple failed directory traversal attempts
Network Indicators:
- Unusual traffic patterns to Punkbuster ports (UDP 24347, TCP 24347)
- Multiple connection attempts with path traversal strings
SIEM Query:
source="punkbuster.log" AND ("..\\" OR "../" OR "%2e%2e")
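The query above matches three literal strings, so a mixed form such as `.%2e/` or a double-encoded `%252e%252e` passes it unnoticed. The following is an added example, not code from this page or from Even Balance, that percent-decodes each log line before looking for a traversal step. The log lines are constructed samples, since the real pbsv.log format is not shown here, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# A traversal step is ".." next to a path separator, and not part of a
# longer run of dots or a file name ("wait...", "2.351", "foo..bar").
TRAVERSAL = re.compile(r"(?<![\w.])\.\.[\\/]|[\\/]\.\.(?![\w.])")

def normalize(text, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_traversal(lines):
    """Return (line_number, raw_line) for every line containing a traversal step."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        if TRAVERSAL.search(normalize(raw)):
            hits.append((number, raw))
    return hits

# Constructed sample lines (assumed layout, not the real Punkbuster log format).
SAMPLE_LOG = [
    "[07.14.2020 18:02:11] PB Server: version check complete",
    "[07.14.2020 18:02:40] request from 203.0.113.7: file ../../server.cfg",
    "[07.14.2020 18:02:41] request from 203.0.113.7: file .%2e/server.cfg",
    "[07.14.2020 18:02:43] request from 203.0.113.7: file %252e%252e%252fserver.cfg",
    '[07.14.2020 18:03:02] player "wait..." connected',
]

if __name__ == "__main__":
    for number, line in find_traversal(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

Lines 3 and 4 of the sample are the ones the literal query would miss; the player name containing three dots is correctly ignored.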