CVE-2024-10126
📋 TL;DR
This CVE describes a Local File Inclusion (LFI) vulnerability in M-Files Server: an authenticated user can abuse the document preview feature to read files from the server's local filesystem, limited to certain filetypes. It affects M-Files Server versions before 24.11, excluding the security releases 24.8 SR1, 24.2 SR3 and 23.8 SR7, which already carry the fix. Exploitation requires valid credentials, but any authenticated user can reach server files that the preview feature was never meant to serve.
💻 Affected Systems
- M-Files Server
📦 What is this software?
M-Files Server is the server component of the M-Files enterprise document management platform. It stores documents in vaults and renders them for clients through its document preview feature, which is the code path this vulnerability abuses.
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker reads sensitive files from the server filesystem (configuration files, and any credentials they contain, provided those files are among the filetypes the preview feature will render), then uses that information to move further into the system.
Likely Case
A malicious or compromised authenticated account reads server-side files of the permitted filetypes, exposing internal documents or configuration details.
If Mitigated
Two factors already bound the impact: the attacker needs valid credentials, and the preview feature only renders a limited set of filetypes. With the M-Files service account's filesystem access tightly scoped and preview activity monitored, exposure is limited to those filetypes, and abuse is detectable.
🎯 Exploit Status
Exploitation requires an authenticated M-Files Server account and knowledge of how the document preview feature requests files. No public exploit is referenced on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.11 or later
Vendor Advisory: https://product.m-files.com/security-advisories/CVE-2024-10126
Restart Required: Yes
Instructions:
1. Download M-Files Server version 24.11 or later from official vendor sources.
2. Back up the current configuration and data.
3. Run the installer to upgrade.
4. Restart the M-Files Server services.
🔧 Temporary Workarounds
Restrict Document Preview Access
Limit access to the document preview functionality to trusted users only. Because the vulnerability requires authentication, reducing the set of accounts that can reach the preview feature directly reduces exposure.
File System Permissions
Apply strict file system permissions to limit what M-Files Server can read. The preview feature reads files with the privileges of the account the M-Files Server service runs under, so denying that account read access to anything outside the vault data and program directories bounds what an LFI can return, regardless of filetype.
🧯 If You Can't Patch
- Implement strict access controls to limit which users can use document preview features
- Monitor server logs for unusual file access patterns through document preview functionality
🔍 How to Verify
Check if Vulnerable:
The server is vulnerable if its version is below 24.11 and it is not one of the security releases 24.8 SR1, 24.2 SR3 or 23.8 SR7. Read the version from the administration console or from the Windows Services / Programs and Features entry for M-Files Server.
Check Version:
Check M-Files Server version in Control Panel > Programs and Features or via M-Files Admin tool
Verify Fix Applied:
Verify version is 24.11 or later, or one of the excluded secure releases (24.8 SR1, 24.2 SR3, 23.8 SR7)
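The version comparison above is easy to get wrong in a script (a plain string compare says "24.11" sorts before "24.8"). The following is an added example, not M-Files or vendor code: it classifies a version string against the fixed range, and optionally reads that string from the Windows Uninstall registry entry. Assumptions: the version string is the year.month[.build[.revision]] form shown in Programs and Features or the M-Files Admin tool, the Programs and Features entry is named "M-Files Server", and the service-release (SR) level of the 24.8 / 24.2 / 23.8 branches is not assumed to be recoverable from the version number, so those branches are reported as needing a manual check. The build numbers used in the demo are made up.

```python
"""Classify an M-Files Server version string for CVE-2024-10126 (added example)."""

FIXED_FROM = (24, 11)  # first main-line release carrying the fix (year, month)
# Older branches that carry the fix only from a specific security release.
# The SR level is assumed not to be visible in the version number, so these
# branches are flagged for a manual check rather than marked fixed/vulnerable.
SR_FIXED = {(24, 8): "24.8 SR1", (24, 2): "24.2 SR3", (23, 8): "23.8 SR7"}


def parse_branch(version):
    """Return (year, month) as ints from 'YY.M[.build[.rev]]'.

    Numeric tuple comparison is the whole point: comparing the raw strings
    would put '24.11' before '24.8'.
    """
    parts = version.strip().split(".")
    if len(parts) < 2 or not (parts[0].isdigit() and parts[1].isdigit()):
        raise ValueError(f"unexpected version format: {version!r}")
    return int(parts[0]), int(parts[1])


def assess_version(version):
    """Return 'fixed', 'vulnerable', or a 'check service release: ...' note."""
    branch = parse_branch(version)
    if branch >= FIXED_FROM:
        return "fixed"
    if branch in SR_FIXED:
        return f"check service release: fixed only at {SR_FIXED[branch]} or later"
    return "vulnerable"


def installed_version(display_name_prefix="M-Files Server"):
    """Windows only: read DisplayVersion from the Uninstall registry keys.

    The display name prefix is an assumption about how the product is listed
    in Programs and Features. Returns None if no matching entry is found.
    """
    import winreg  # fails outside Windows; only called from __main__

    uninstall_paths = (
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
        r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    )
    for path in uninstall_paths:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except FileNotFoundError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                    try:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                        if name.startswith(display_name_prefix):
                            return winreg.QueryValueEx(sub, "DisplayVersion")[0]
                    except FileNotFoundError:
                        continue
    return None


if __name__ == "__main__":
    # Made-up version strings to show each outcome.
    for v in ("24.11.1000.0", "24.10.900.0", "24.8.800.0", "23.8.700.0", "22.12.1.0"):
        print(f"{v:>14} -> {assess_version(v)}")
    try:
        found = installed_version()
        print("installed:", found, "->", assess_version(found) if found else "not found")
    except ImportError:
        print("registry lookup skipped (not running on Windows)")
```

On a server, run it with the M-Files Server service installed and compare the "installed" line against the advisory; for a 24.8, 24.2 or 23.8 branch, confirm the SR level from the M-Files Admin tool before calling it fixed.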
📡 Detection & Monitoring
Log Indicators:
- Unusual document preview requests
- Multiple failed file access attempts through preview
- Access to non-standard file paths via preview
Network Indicators:
- Unusual patterns in document preview API calls
- Requests for file paths outside normal document storage
SIEM Query (the source, event and field names below are placeholders; map them to the actual M-Files log schema in your environment):
source="m-files" AND (event="document_preview" OR event="file_access") AND (path CONTAINS ".." OR path CONTAINS ":\\")
Note that the `:\\` clause assumes legitimate preview events never carry a filesystem path; if they do, compare the resolved path against the vault root instead of matching on the drive-letter prefix.
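The detection logic behind these indicators, run over constructed sample log lines, as an added example that is not M-Files or vendor code. The log line layout (timestamp, user, event, quoted path, result), the event names and the vault root are assumptions standing in for the real M-Files log schema. It goes a step beyond the query above: instead of matching on `..` or `:\` substrings, it normalizes each path and checks whether the resolved location is still under the vault root, which catches both relative traversal and absolute or UNC paths, and it counts flagged and denied requests per user to surface the "multiple attempts" indicator.

```python
"""Flag suspicious document-preview file paths in sample logs (added example)."""
import ntpath
import re
from collections import Counter

# Assumed line layout: <timestamp> <user> <event> "<path>" <result>
LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+"([^"]*)"\s+(\S+)$')
WATCHED_EVENTS = {"document_preview", "file_access"}  # placeholder event names

# Constructed sample log; not real M-Files output.
SAMPLE_LOG = [
    r'2024-11-20T10:01:02Z alice document_preview "C:\MFilesVaults\Sales\docs\report.pdf" ok',
    r'2024-11-20T10:01:05Z bob document_preview "..\..\..\Windows\win.ini" ok',
    r'2024-11-20T10:01:06Z bob document_preview "C:\MFilesVaults\Sales\docs\..\..\..\Windows\System32\drivers\etc\hosts" ok',
    r'2024-11-20T10:01:07Z bob document_preview "\\fileserver\share\secret.txt" denied',
    r'2024-11-20T10:01:08Z bob file_access "C:/MFilesVaults/../inetpub/wwwroot/web.config" denied',
    r'2024-11-20T10:02:00Z carol file_access "C:\MFilesVaults\Sales\docs\memo.docx" ok',
    r'2024-11-20T10:02:01Z carol login "" ok',
]


def parse_line(line):
    """Split one log line into a dict, or return None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, event, path, result = m.groups()
    return {"ts": ts, "user": user, "event": event, "path": path, "result": result}


def path_reasons(path, vault_root):
    """Return the indicator names a path trips, in a fixed order, or [] if it looks normal."""
    reasons = []
    norm = ntpath.normcase(path)  # lowercase and '/' -> '\' (ntpath works on any OS)
    if ".." in norm.split("\\"):
        reasons.append("traversal")
    if norm.startswith("\\\\"):
        reasons.append("unc")
    # Collapse '..' before the prefix test: 'C:\vault\..\x' passes a naive startswith check.
    root = ntpath.normpath(ntpath.normcase(vault_root)).rstrip("\\")
    resolved = ntpath.normpath(norm)
    if not (resolved == root or resolved.startswith(root + "\\")):
        reasons.append("outside_vault")
    return reasons


def scan(lines, vault_root, threshold=2):
    """Return (flagged_events, alerted_users).

    A user is alerted when they have at least `threshold` flagged requests or
    at least `threshold` denied preview/file-access requests.
    """
    flagged = []
    flagged_per_user = Counter()
    denied_per_user = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["event"] not in WATCHED_EVENTS:
            continue
        if ev["result"] == "denied":
            denied_per_user[ev["user"]] += 1
        reasons = path_reasons(ev["path"], vault_root)
        if reasons:
            flagged.append({**ev, "reasons": reasons})
            flagged_per_user[ev["user"]] += 1
    users = set(flagged_per_user) | set(denied_per_user)
    alerted = sorted(
        u for u in users
        if flagged_per_user[u] >= threshold or denied_per_user[u] >= threshold
    )
    return flagged, alerted


if __name__ == "__main__":
    events, users = scan(SAMPLE_LOG, r"C:\MFilesVaults")
    for e in events:
        print(f'{e["ts"]} {e["user"]:6} {",".join(e["reasons"]):24} {e["path"]}')
    print("alert on users:", users)
```

Point the scanner at the real preview log once the line layout and event names are mapped, and set `vault_root` to the directory that holds the vault data; anything that resolves outside it is a candidate for this CVE regardless of how the path was spelled.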