CVE-2022-24251

8.8 HIGH

📋 TL;DR

Extensis Portfolio v4.0 contains an authenticated unrestricted file upload vulnerability in the Catalog Asset Upload function. This allows authenticated attackers to upload malicious files to the server, potentially leading to remote code execution. Organizations using Extensis Portfolio v4.0 are affected.

💻 Affected Systems

Products:
  • Extensis Portfolio
Versions: v4.0
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Catalog Asset Upload function.

📦 What is this software?

Extensis Portfolio is a digital asset management (DAM) server used to catalog, tag and share media files (images, video, documents) across an organization. Assets are added to a catalog through the web interface's Catalog Asset Upload function, which is the component affected here.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker uploads a webshell or malicious executable into a catalog, the file is executed by the Portfolio server, and the attacker gains code execution with the privileges of the Portfolio service account, from which the host and every asset it stores are compromised.

🟠 Likely Case

A low-privileged Portfolio user, or an account compromised through phishing or credential reuse, uploads a malicious file that leads to server compromise, theft of catalogued assets, or lateral movement into the internal network.

🟢 If Mitigated

With file type validation enforced on upload and upload rights limited to trusted accounts, the impact is reduced to unauthorized file storage without code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid Portfolio account with rights to the Catalog Asset Upload function, but it is straightforward once such an account is obtained: the attacker submits a crafted file through the normal upload workflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.0.1 or later

Vendor Advisory: http://extensis.com

Restart Required: Yes

Instructions:

1. Download the latest Portfolio release from the Extensis website.
2. Back up the current installation and its catalogs.
3. Install the update following the vendor's instructions.
4. Restart the Portfolio services.

🔧 Temporary Workarounds

Restrict file upload types (all platforms)

Configure Portfolio to accept only the specific, non-executable file extensions your catalogs need (an allowlist of media formats) rather than blocking known-bad extensions, since an attacker only needs one extension the blocklist missed.

Implement web application firewall rules (all platforms)

Block multipart uploads to the Portfolio server whose filenames carry executable or script extensions (.exe, .php, .jsp, .asp, .aspx and similar), including double extensions such as image.jpg.php, via WAF rules; compare extensions case-insensitively.

🧯 If You Can't Patch

  • Disable the Catalog Asset Upload function entirely until the server can be updated
  • Implement strict network segmentation and limit access to Portfolio servers to trusted networks and users

🔍 How to Verify

Check if Vulnerable:

Check the Portfolio version in the admin interface or the About dialog. If the version is 4.0, the system is vulnerable.

Check Version:

The version is shown in the Portfolio admin dashboard and in the About dialog.

Verify Fix Applied:

Confirm the version is 4.0.1 or higher. Then, in a test environment and with a non-privileged account, attempt to upload a harmless file carrying a script extension (for example a plain text file named test.jsp) through Catalog Asset Upload; the updated server should reject it.

📡 Detection & Monitoring

Log Indicators:

  • Uploads to the Catalog Asset Upload endpoint from accounts or source addresses that do not normally upload assets
  • Uploads whose filenames carry executable or script extensions (.exe, .php, .jsp, .asp, .aspx and similar), including double extensions such as image.png.php

Network Indicators:

  • Multipart POST requests to the upload endpoint carrying non-media content types or filenames
  • Unusually large or unusually frequent uploads to Portfolio servers, especially from external addresses

SIEM Query:

source="portfolio.log" AND (event="file_upload" AND file_extension IN ("exe", "php", "jsp", "asp", "aspx"))

The field names in this query are illustrative; map them to whatever fields your Portfolio or web-server logs actually expose, and compare extensions case-insensitively so that .PHP or .Jsp is not missed.
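The extension allowlist described under Temporary Workarounds and the upload-log review described under Detection & Monitoring, as one added Python example (not code from this page or from Extensis). The key=value log format, the field names, the extension sets and the 500 MiB size threshold are assumptions for illustration; Portfolio's real log layout is not documented here, so adapt the regular expression to whatever your deployment writes.

```python
import re
from typing import Dict, Iterable, List, Optional

# Extension allowlist for a DAM catalog. Constructed for this example; tune it to the
# asset types your catalogs actually hold. Allowlisting beats denylisting because the
# attacker only needs one extension you forgot.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "tif", "tiff", "psd", "pdf", "mp4", "mov"}

# Script/executable extensions to alert on (the page's SIEM list plus common extras).
EXECUTABLE_EXTENSIONS = {"exe", "php", "jsp", "jspx", "asp", "aspx", "war", "jar", "sh", "bat", "ps1"}


def extensions_of(filename: str) -> List[str]:
    """Return every extension segment of a filename, lower-cased, in order.

    'shell.php.jpg' -> ['php', 'jpg']; 'README' -> []. Path components are stripped,
    an embedded NUL byte is treated as a separator so 'shell.php<NUL>.jpg' yields both
    segments, and empty segments from trailing dots ('shell.php.') are dropped.
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.replace("\x00", ".").strip().lower()
    return [seg for seg in name.split(".")[1:] if seg]


def is_allowed_upload(filename: str) -> bool:
    """Allowlist decision for an upload handler: exactly one extension, and it is allowed.

    Requiring a single extension rejects double-extension tricks such as 'logo.png.php'
    and 'shell.php.jpg' regardless of how the server maps names to handlers.
    """
    if "\x00" in filename:
        return False
    exts = extensions_of(filename)
    return len(exts) == 1 and exts[0] in ALLOWED_EXTENSIONS


def is_dangerous_upload(filename: str) -> bool:
    """Detection decision for log review: any segment is a script/executable extension."""
    return any(ext in EXECUTABLE_EXTENSIONS for ext in extensions_of(filename))


# Hypothetical key=value application-log format for Portfolio upload events (assumption:
# the real portfolio.log layout is not documented on this page).
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) event=(?P<event>\S+) user=(?P<user>\S+) catalog=(?P<catalog>\S+) '
    r'filename="(?P<filename>[^"]*)" size=(?P<size>\d+) src=(?P<src>\S+)$'
)


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a dict, or return None if it is not an upload-style record."""
    match = LOG_LINE.match(line.strip())
    return match.groupdict() if match else None


def find_suspicious_uploads(lines: Iterable[str], max_size: int = 500 * 1024 * 1024) -> List[Dict[str, str]]:
    """Return file_upload records that carry executable extensions, fail the allowlist,
    or exceed max_size bytes (the page's 'large file uploads' indicator; threshold is a tunable)."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec["event"] != "file_upload":
            continue
        reasons: List[str] = []
        if is_dangerous_upload(rec["filename"]):
            reasons.append("executable_extension")
        elif not is_allowed_upload(rec["filename"]):
            reasons.append("not_in_allowlist")
        if int(rec["size"]) > max_size:
            reasons.append("oversized")
        if reasons:
            hits.append({**rec, "reasons": ",".join(reasons)})
    return hits


# Constructed sample log: one benign upload, a login event, two attacker uploads
# (a plain JSP webshell and a double-extension PHP file) and an oversized but legitimate asset.
SAMPLE_LOG = """\
2022-03-01T10:15:22Z event=file_upload user=alice catalog=Marketing filename="banner.jpg" size=204800 src=10.0.0.5
2022-03-01T10:16:03Z event=login user=bob src=10.0.0.9
2022-03-01T10:17:41Z event=file_upload user=bob catalog=Marketing filename="cmd.jsp" size=1320 src=203.0.113.7
2022-03-01T10:18:05Z event=file_upload user=bob catalog=Marketing filename="logo.PNG.php" size=4096 src=203.0.113.7
2022-03-01T10:19:30Z event=file_upload user=carol catalog=Archive filename="raw_footage.mov" size=734003200 src=10.0.0.12
"""

if __name__ == "__main__":
    for hit in find_suspicious_uploads(SAMPLE_LOG.splitlines()):
        print(f'{hit["ts"]} user={hit["user"]} src={hit["src"]} file={hit["filename"]} reasons={hit["reasons"]}')
```

Run against the constructed sample, the script flags cmd.jsp and logo.PNG.php for their executable extensions and raw_footage.mov only for size; banner.jpg passes. The same `is_allowed_upload` predicate is what an upload handler or WAF rule should enforce: a single, allowlisted, case-folded extension with no embedded NUL, rather than a list of known-bad extensions.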
