CVE-2024-11239

5.4 MEDIUM

📋 TL;DR

This medium-severity (5.4) vulnerability in Landray EKP allows remote attackers to perform path traversal via the deleteFile action of the /sys/common/import.do API endpoint. By placing traversal sequences in the 'folder' parameter, an attacker can delete files outside the intended directory, up to anything the web application's process is permitted to delete. All Landray EKP installations up to and including version 16.0 are affected.

💻 Affected Systems

Products:
  • Landray EKP
Versions: Up to and including 16.0
Operating Systems: All platforms running Landray EKP
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability exists in the API interface component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Deletion of configuration files, libraries or application data, leading to service outage, data loss or a state that an attacker can leverage further. The damage scales with the privileges of the EKP process: if it runs as root, critical system files are also reachable.

🟠 Likely Case

Unauthorized deletion of application files inside the EKP installation, causing service disruption, data loss or defacement of the EKP system.

🟢 If Mitigated

Limited impact where the application runs as an unprivileged service account, file permissions restrict what that account can delete, and network segmentation or a WAF keeps the endpoint away from untrusted callers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed in GitHub repositories. The vulnerability requires no authentication and has simple exploitation steps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Contact Landray for updates or consider upgrading to versions beyond 16.0 if available.

🔧 Temporary Workarounds

Block vulnerable endpoint

linux

Block access to the vulnerable action at the web application firewall or the TLS-terminating reverse proxy, which can parse the path and query string. The iptables string match below is only a stopgap for plain HTTP: it cannot see inside TLS, so a rule on port 443 matches nothing, and it matches only the literal byte sequence, so a request that reorders the query parameters (?folder=...&method=deleteFile) or URL-encodes part of the path or action name slips past it. Note also that DROP on an established TCP connection leaves the client hanging rather than returning an error; REJECT is friendlier if that matters.

iptables -A INPUT -p tcp --dport 80 -m string --string "/sys/common/import.do?method=deleteFile" --algo bm -j DROP
# Do not rely on the same rule for --dport 443: the request is TLS-encrypted before iptables sees it, so the string never matches.

Restrict file permissions

linux

The deleteFile action runs with the privileges of the EKP process, so it can only remove what that account can delete. Run EKP under a dedicated unprivileged service account and make the directories it does not need to write (application code, libraries, static content) owned by root and read-only for that account. Do not apply this to directories the application must write (uploads, temp, logs), or the application will break. The commands below assume the service account is named 'ekp' and that the application code lives under the given path; substitute the real account and install locations.

chown -R root:ekp /path/to/landray/ekp/app
chmod -R u=rwX,g=rX,o= /path/to/landray/ekp/app

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate EKP systems from critical infrastructure
  • Deploy web application firewall with path traversal detection rules and block the specific vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Test whether the endpoint /sys/common/import.do?method=deleteFile accepts path traversal sequences (../ or their URL-encoded forms) in the 'folder' parameter. This test is destructive: a successful probe deletes the target, so run it only against a non-production instance or point it at a sacrificial file you created for the purpose, and keep the exact request so you can replay it after the fix.

Check Version:

Check Landray EKP version in administration panel or configuration files

Verify Fix Applied:

Verify the endpoint no longer accepts path traversal sequences or is properly blocked

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /sys/common/import.do?method=deleteFile with unusual folder parameters
  • File deletion events in system logs from web application user

Network Indicators:

  • HTTP requests containing path traversal sequences (../) to the vulnerable endpoint
  • Unusual patterns of file deletion API calls

SIEM Query:

source="web_access_logs" AND uri="*/sys/common/import.do*" AND uri="*method=deleteFile*" AND (uri="*folder=*../*" OR uri="*folder=*..\\*" OR uri="*%2e%2e%2f*" OR uri="*%2e%2e%5c*" OR uri="*%2e%2e/*")

The original exact-match form uri="/sys/common/import.do?method=deleteFile" never fires, because the logged URI also carries the folder parameter. The wildcard form above is pseudo-Splunk syntax; adapt the field names to your SIEM, and if it extracts the folder parameter as its own field, match the traversal patterns on that field after URL-decoding it, since attackers routinely encode or double-encode the dots and slashes.
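The following is an added example, not code from the advisory or from Landray. It implements the same check as the SIEM query and the endpoint block above, but on the parsed request rather than a literal string: it percent-decodes repeatedly (to catch double encoding), folds backslashes to slashes, and reads the method and folder parameters regardless of their order. It also shows why the literal iptables match is evadable. The log lines are constructed for the example; the endpoint path and parameter names are the ones the advisory gives, and the context-root handling (endswith) is an assumption.

```python
"""Added example: parse-based detection/blocking of CVE-2024-11239-style requests.
Not part of the advisory or of the Landray product. Sample log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT_PATH = "/sys/common/import.do"          # from the advisory
IPTABLES_LITERAL = "/sys/common/import.do?method=deleteFile"  # the string-match workaround

# Constructed Apache/nginx-style access log lines (not captured from a real system)
LOG_LINES = [
    '10.0.0.5 - - [12/Nov/2024:10:01:02 +0000] "GET /sys/common/import.do?method=deleteFile&folder=../../../../etc HTTP/1.1" 200 12',
    '10.0.0.6 - - [12/Nov/2024:10:01:03 +0000] "GET /sys/common/import.do?folder=%2e%2e%2f%2e%2e%2fWEB-INF&method=deleteFile HTTP/1.1" 200 12',
    '10.0.0.7 - - [12/Nov/2024:10:01:04 +0000] "GET /sys/common/import.do?method=deleteFile&folder=..%255c..%255cconf HTTP/1.1" 200 12',
    '10.0.0.8 - - [12/Nov/2024:10:01:05 +0000] "GET /sys/common/import.do?method=deleteFile&folder=upload/tmp HTTP/1.1" 200 12',
    '10.0.0.9 - - [12/Nov/2024:10:01:06 +0000] "GET /sys/common/import.do?method=listFile&folder=../x HTTP/1.1" 200 12',
]

TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")   # a '..' path segment
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), then fold '\\' to '/' so that
    '..\\', '..%5c' and '..%255c' all read as '../'."""
    prev, cur = None, value
    for _ in range(rounds):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def has_traversal(folder: str) -> bool:
    """True if the (normalized) folder value contains a '..' segment."""
    return bool(TRAVERSAL.search(normalize(folder)))


def classify(uri: str) -> dict:
    """Parse a request URI and report whether it is a deleteFile call and
    whether its folder parameter(s) traverse out of the intended directory."""
    parts = urlsplit(uri)
    path = normalize(parts.path)                      # handles /sys/common/import%2edo
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer; normalize() does the rest
    is_delete = path.endswith(ENDPOINT_PATH) and "deleteFile" in qs.get("method", [])
    folders = qs.get("folder", [])
    return {
        "delete_file": is_delete,
        "traversal": any(has_traversal(f) for f in folders),
        "folders": folders,
    }


def should_block(uri: str) -> bool:
    """WAF/proxy decision: block deleteFile calls whose folder leaves its directory."""
    c = classify(uri)
    return c["delete_file"] and c["traversal"]


def naive_string_match(uri: str) -> bool:
    """What the iptables '-m string' workaround effectively checks."""
    return IPTABLES_LITERAL in uri


def scan_log(lines) -> list:
    """Return (client_ip, uri) for every logged request that should_block() flags."""
    hits = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        uri = m.group(1)
        if should_block(uri):
            hits.append((line.split()[0], uri))
    return hits


if __name__ == "__main__":
    for ip, uri in scan_log(LOG_LINES):
        print(f"ALERT {ip} {uri}")
    # The reordered-parameter request evades the literal string but not the parser:
    evasive = "/sys/common/import.do?folder=%2e%2e%2f%2e%2e%2fWEB-INF&method=deleteFile"
    print("iptables literal matches:", naive_string_match(evasive), "| parser blocks:", should_block(evasive))
```

The second and third sample lines are the ones worth noticing: the reordered query string defeats the literal iptables match entirely, and the double-encoded backslash form (..%255c) is only caught because decoding is repeated and backslashes are folded before the traversal regex runs. Whatever rule you deploy in the proxy or SIEM should do the same normalization.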
