CVE-2022-24241

7.5 HIGH

📋 TL;DR

ACEweb Online Portal 3.5.065 contains a path traversal vulnerability in the txtFilePath parameter of attachments.awp that allows attackers to read arbitrary files on the server. This affects all organizations using this specific version of ACEweb Online Portal. The vulnerability enables unauthorized access to sensitive system files.

💻 Affected Systems

Products:
  • ACEweb Online Portal
Versions: 3.5.065
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 3.5.065 of ACEweb Online Portal is confirmed affected; other versions may also be vulnerable, but this has not been confirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive configuration files, credentials, or system files leading to further exploitation.

🟠 Likely Case

Unauthorized access to sensitive application data, configuration files, or user information stored on the server.

🟢 If Mitigated

Limited impact with proper file system permissions and input validation in place.

🌐 Internet-Facing: HIGH - The vulnerability is in a web portal component that is typically internet-facing.
🏢 Internal Only: MEDIUM - Internal users could exploit this to access unauthorized files on the server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability appears to be straightforward to exploit via path traversal techniques in the txtFilePath parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.aceware.com/forum/viewtopic.php?f=7&t=481

Restart Required: No

Instructions:

1. Check vendor forum for updates
2. Upgrade to a patched version when available
3. Apply input validation to txtFilePath parameter

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

  • Implement server-side validation that restricts file paths to allowed directories only
  • Implement path validation in attachments.awp to prevent directory traversal

Web Application Firewall Rule

Applies to: all

  • Block requests containing path traversal sequences in the txtFilePath parameter
  • WAF rule: block requests with '..', '../', or absolute paths in the txtFilePath parameter
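The following is an added example of the server-side validation the workaround above describes; it is not ACEweb code and nothing is known here about how attachments.awp resolves paths internally. It assumes a hypothetical attachment directory (ATTACHMENT_ROOT) and a hypothetical helper name (resolve_attachment_path). Rather than only blocklisting '..', it canonicalises the user-supplied value (percent-decoding, backslash normalisation, realpath) and accepts the result only if it still lies inside the allowed directory, which is the check a blocklist-only filter or a WAF rule cannot make reliably.

```python
import os
import urllib.parse

# Constructed for this example: the directory attachments are allowed to come from.
# A real deployment would use the portal's actual attachment folder.
ATTACHMENT_ROOT = "/srv/aceweb/attachments"


def resolve_attachment_path(user_value, root=ATTACHMENT_ROOT):
    """Return the absolute path for user_value if it stays inside root, else None.

    Hypothetical replacement for the unchecked use of txtFilePath. Every rejected
    case returns None so the caller can answer 400/403 without touching the disk.
    """
    # Decode percent-encoding twice so doubly encoded sequences (%252e) are
    # normalised before any path logic sees them.
    decoded = urllib.parse.unquote(urllib.parse.unquote(user_value))
    # The product ships for Windows too, so treat backslashes as separators.
    decoded = decoded.replace("\\", "/")
    # NUL bytes can truncate the path in lower-level APIs; never pass them on.
    if "\x00" in decoded:
        return None
    # Absolute paths (POSIX, UNC after normalisation, or drive-letter) are never valid.
    if decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        return None
    root_abs = os.path.realpath(root)
    # realpath collapses "..", "." and symlinks, so the containment check below
    # is made on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(root_abs, decoded))
    # The resolved path must be strictly below the root (the root itself is a
    # directory, not an attachment).
    if candidate == root_abs or os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate


if __name__ == "__main__":
    for value in ("invoice.pdf", "reports/../q1.pdf", "../../etc/passwd",
                  "..%2F..%2Fconfig.ini", "%252e%252e/secret", "C:\\win.ini", ""):
        print(repr(value), "->", resolve_attachment_path(value))
```

Note that "reports/../q1.pdf" is accepted because it canonicalises to a file inside the root, while a value that only escapes the root after decoding is rejected; a symlink inside the root that points outside is also rejected, because realpath follows it before the containment check.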

🧯 If You Can't Patch

  • Implement strict file system permissions to limit what files the web server can access
  • Deploy a web application firewall with rules to detect and block path traversal attempts

🔍 How to Verify

Check if Vulnerable:

Test if the attachments.awp endpoint accepts path traversal sequences in the txtFilePath parameter

Check Version:

Check ACEweb Online Portal version in administration panel or configuration files

Verify Fix Applied:

Verify that path traversal attempts are rejected and only allowed file paths are processed

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in web server logs
  • Requests to attachments.awp with suspicious path parameters

Network Indicators:

  • HTTP requests containing path traversal sequences (../, ..\) in parameters

SIEM Query:

web.url:*/attachments.awp* AND (web.param.txtFilePath:*..* OR web.param.txtFilePath:*../*)
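As an added example (not part of the original advisory), the detection logic behind the log indicators and SIEM query above, run over a few constructed web-server log lines in combined log format; the log lines, IP addresses and file names are invented for the example, and nothing here reflects ACEweb's actual log format. It goes slightly beyond the SIEM query: a query that matches the literal string '..' misses percent-encoded and doubly encoded forms and absolute paths, so this version fully decodes each txtFilePath value before classifying it, and reports the HTTP status so a 200 response to a traversal request can be triaged first.

```python
import re
import urllib.parse

# Constructed sample log lines (combined log format); not real ACEweb traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2022:14:02:11 +0000] "GET /aceweb/attachments.awp?txtFilePath=reports%2F2022%2Fq1.pdf HTTP/1.1" 200 5120
203.0.113.5 - - [10/Mar/2022:14:02:15 +0000] "GET /aceweb/attachments.awp?txtFilePath=..%2F..%2F..%2Fconfig.ini HTTP/1.1" 200 403
203.0.113.9 - - [10/Mar/2022:14:03:02 +0000] "GET /aceweb/attachments.awp?txtFilePath=%252e%252e%255c%252e%252e%255cweb.config HTTP/1.1" 500 118
198.51.100.7 - - [10/Mar/2022:14:03:40 +0000] "GET /aceweb/index.awp?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
198.51.100.7 - - [10/Mar/2022:14:04:01 +0000] "GET /aceweb/attachments.awp?txtFilePath=C%3A%5Cinetpub%5Cwwwroot%5Cweb.config HTTP/1.1" 200 2210
"""

# Minimal combined-log-format parser: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(value, limit=3):
    """Percent-decode repeatedly (bounded) so double-encoded values are normalised."""
    for _ in range(limit):
        new = urllib.parse.unquote_plus(value)
        if new == value:
            break
        value = new
    return value


def classify_path_value(value):
    """Return a reason string if value is a traversal or absolute path, else None."""
    v = decode_fully(value).replace("\\", "/")
    if "\x00" in v:
        return "nul byte"
    # A standalone ".." path segment, at the start, middle or end of the value.
    if re.search(r"(^|/)\.\.(/|$)", v):
        return "dot-dot segment"
    # POSIX absolute, UNC-after-normalisation, or Windows drive-letter paths.
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        return "absolute path"
    return None


def find_traversal_attempts(log_text):
    """Scan log lines for attachments.awp requests whose txtFilePath looks like traversal."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed = urllib.parse.urlsplit(m["target"])
        if not parsed.path.lower().endswith("/attachments.awp"):
            continue
        # parse_qs decodes one layer; decode_fully in classify_path_value handles the rest.
        params = urllib.parse.parse_qs(parsed.query, keep_blank_values=True)
        for raw in params.get("txtFilePath", []):
            reason = classify_path_value(raw)
            if reason:
                findings.append({"ip": m["ip"], "time": m["ts"], "status": m["status"],
                                 "value": raw, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_traversal_attempts(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} status={f['status']} {f['reason']}: {f['value']!r}")
```

The request to index.awp in the sample is deliberately ignored: this check is scoped to the parameter the advisory names, and widening it to every parameter would be a separate, noisier rule.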
