CVE-2022-24253

8.8 HIGH

📋 TL;DR

Extensis Portfolio v4.0 contains an authenticated unrestricted file upload vulnerability in the AdminFileTransferServlet component. This allows authenticated attackers to upload arbitrary files, potentially leading to remote code execution. Organizations running vulnerable versions of Extensis Portfolio are affected.

💻 Affected Systems

Products:
  • Extensis Portfolio
Versions: v4.0
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the AdminFileTransferServlet component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Authenticated attacker gains remote code execution with administrative privileges, leading to complete system compromise, data theft, and lateral movement.

🟠

Likely Case

Authenticated user uploads malicious files to execute arbitrary code, potentially gaining shell access or deploying malware.

🟢

If Mitigated

With proper network segmentation and least privilege, impact is limited to the application server, with no lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.0.1 or later

Vendor Advisory: http://extensis.com

Restart Required: Yes

Instructions:

1. Download the latest version from the Extensis website.
2. Back up configuration and data.
3. Install the update following vendor instructions.
4. Restart Portfolio services.

🔧 Temporary Workarounds

Restrict AdminFileTransferServlet Access

Platforms: all

Block or restrict access to the vulnerable servlet using web server configuration or firewall rules.

# Apache (2.2 syntax, also accepted by 2.4 via mod_access_compat; on 2.4 prefer "Require all denied")
<Location /AdminFileTransferServlet>
    Order deny,allow
    Deny from all
</Location>

# Nginx
location /AdminFileTransferServlet {
    deny all;
}

Implement File Upload Restrictions

Platforms: all

Configure Portfolio to only allow specific file types and implement file validation.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Portfolio servers from critical systems.
  • Enforce strong authentication policies and monitor for suspicious file upload activities.

🔍 How to Verify

Check if Vulnerable:

Check Portfolio version in admin interface or configuration files. Version 4.0 is vulnerable.

Check Version:

Check Portfolio web interface or consult application logs for version information.

Verify Fix Applied:

Verify version is 4.0.1 or later and test file upload functionality with restricted file types.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to AdminFileTransferServlet
  • Execution of unexpected files in Portfolio directories
  • Authentication attempts followed by file uploads

Network Indicators:

  • HTTP POST requests to /AdminFileTransferServlet with file uploads
  • Unusual outbound connections from Portfolio server

SIEM Query:

source="portfolio.log" AND (uri="/AdminFileTransferServlet" OR file_upload="true")
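The log and network indicators above, turned into a small detector as an added example (not part of the original advisory or of Extensis Portfolio): it parses web-server access logs in combined format, flags every POST to /AdminFileTransferServlet, and marks those preceded by a login from the same client within a short window. The log lines are constructed samples, the login path "/login" is an assumption to adjust to the real deployment, and lines are assumed to be in chronological order.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache/Nginx combined log format (not captured from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2022:10:01:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2022:10:01:15 +0000] "POST /AdminFileTransferServlet HTTP/1.1" 200 120 "-" "python-requests/2.27"
10.0.0.7 - - [12/Mar/2022:10:02:00 +0000] "GET /AdminFileTransferServlet HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2022:11:30:00 +0000] "POST /AdminFileTransferServlet HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
SERVLET = "/AdminFileTransferServlet"
LOGIN_PATH = "/login"  # assumed login endpoint; change to the deployment's actual one


def parse(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], TS_FMT)
    return event


def find_upload_alerts(log_text, window=timedelta(minutes=5)):
    """Return one alert per POST to the servlet (ignoring any query string).

    Each alert records whether the same client IP posted to the login endpoint
    within `window` beforehand, matching the "authentication followed by upload" indicator.
    """
    events = [e for e in map(parse, log_text.splitlines()) if e]
    last_login = {}  # ip -> timestamp of most recent login POST
    alerts = []
    for e in events:
        if e["method"] == "POST" and e["path"] == LOGIN_PATH:
            last_login[e["ip"]] = e["ts"]
        elif e["method"] == "POST" and e["path"].split("?")[0] == SERVLET:
            prior = last_login.get(e["ip"])
            recent_auth = prior is not None and e["ts"] - prior <= window
            alerts.append({"ip": e["ip"], "ts": e["ts"], "status": e["status"],
                           "login_then_upload": recent_auth})
    return alerts
```

Feed it the Portfolio front-end's access log; a GET to the servlet is not flagged, only POSTs are, and the login correlation helps rank which ones to review first.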
