CVE-2024-12917
📋 TL;DR
This vulnerability in Agito Computer Health4All allows unauthorized external parties to access files or directories due to misconfigured access controls and authentication abuse. Attackers can exploit this to view sensitive system information or potentially modify data. All Health4All installations before version 10.01.2025 are affected.
💻 Affected Systems
- Agito Computer Health4All
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with unauthorized access to all files, potential data theft, and system manipulation leading to service disruption.
Likely Case
Unauthorized access to sensitive configuration files, health data, or system logs leading to information disclosure and potential credential harvesting.
If Mitigated
Limited access to non-critical files with proper authentication and access controls preventing significant damage.
🎯 Exploit Status
Requires understanding of the application's directory structure and authentication mechanisms, but no advanced technical skills needed once identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.01.2025 or later
Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0042
Restart Required: No
Instructions:
1. Download Health4All version 10.01.2025 or later from official vendor sources.
2. Back up the current configuration and data.
3. Install the updated version following vendor documentation.
4. Verify proper functionality post-update.
🔧 Temporary Workarounds
Restrict Network Access
Limit access to the Health4All service to trusted IP addresses only using firewall rules.
iptables -A INPUT -p tcp --dport [HEALTH4ALL_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [HEALTH4ALL_PORT] -j DROP
Implement Web Application Firewall
Deploy WAF rules to block unauthorized directory traversal and access attempts.
🧯 If You Can't Patch
- Implement strict access control lists (ACLs) on Health4All directories and files
- Enable detailed logging and monitoring for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check Health4All version via web interface or configuration file. If version is earlier than 10.01.2025, system is vulnerable.
Check Version:
Check the Health4All web interface or configuration file for the installed version number.
Verify Fix Applied:
After patching, attempt to access Health4All directories without proper authentication. Access should be denied.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Health4All directories
- Failed authentication logs with directory traversal patterns
- Access to sensitive files without proper authentication
Network Indicators:
- Unusual HTTP requests to Health4All endpoints with directory traversal patterns
- Multiple failed authentication attempts followed by successful unauthorized access
SIEM Query:
source="health4all.log" AND (event_type="access_denied" OR event_type="unauthorized_access") AND (uri CONTAINS "../" OR uri CONTAINS "/etc/" OR uri CONTAINS "/config/")
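The SIEM query above and the "multiple failed authentication attempts followed by successful unauthorized access" network indicator can also be run offline against exported logs. The script below is an added example, not part of the advisory or of Health4All's own tooling: it assumes a hypothetical key=value log line format (Health4All's real log format is not documented here), uses a constructed set of sample lines, and implements both the traversal-pattern match from the SIEM query and a per-source failed-auth-then-access sequence check.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an assumed key=value format. The field names
# (ts, src, event_type, uri) and the event_type values are assumptions, not
# Health4All's documented schema.
SAMPLE_LOG = """\
ts=2025-01-10T08:00:01 src=10.0.0.5 event_type=auth_failed uri=/login
ts=2025-01-10T08:00:02 src=10.0.0.5 event_type=auth_failed uri=/login
ts=2025-01-10T08:00:03 src=10.0.0.5 event_type=auth_failed uri=/login
ts=2025-01-10T08:00:04 src=10.0.0.5 event_type=access_granted uri=/config/app.xml
ts=2025-01-10T08:01:00 src=10.0.0.9 event_type=access_denied uri=/files/../../config/settings.xml
ts=2025-01-10T08:02:00 src=10.0.0.7 event_type=access_granted uri=/patients/list
"""

# Patterns taken from the page's SIEM query.
TRAVERSAL_PATTERNS = ("../", "/etc/", "/config/")
# How many consecutive failed authentications from one source count as suspicious.
FAILED_AUTH_THRESHOLD = 3


def parse_line(line):
    """Split a key=value log line into a dict (assumed format)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def matches_siem_query(event):
    """Port of the SIEM query: denied/unauthorized event whose URI contains a traversal pattern."""
    if event.get("event_type") not in ("access_denied", "unauthorized_access"):
        return False
    uri = event.get("uri", "")
    return any(p in uri for p in TRAVERSAL_PATTERNS)


def find_failed_auth_then_access(events, threshold=FAILED_AUTH_THRESHOLD):
    """Flag a source that reaches `threshold` failed auths and then gets an access_granted."""
    failures = defaultdict(int)
    hits = []
    for ev in events:
        src = ev.get("src")
        event_type = ev.get("event_type")
        if event_type == "auth_failed":
            failures[src] += 1
        elif event_type == "access_granted":
            if failures[src] >= threshold:
                hits.append((src, ev.get("uri")))
            failures[src] = 0  # a successful access resets the counter for that source
    return hits


def analyze(log_text):
    """Run both indicators over raw log text and return the findings."""
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    traversal = [(e.get("src"), e.get("uri")) for e in events if matches_siem_query(e)]
    return {
        "traversal": traversal,
        "failed_auth_then_access": find_failed_auth_then_access(events),
    }


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOG)
    for src, uri in findings["traversal"]:
        print(f"[traversal]   src={src} uri={uri}")
    for src, uri in findings["failed_auth_then_access"]:
        print(f"[auth->access] src={src} uri={uri}")
```

Against the constructed sample, the script reports one traversal-style denied request from 10.0.0.9 and one source (10.0.0.5) that failed authentication three times and then was granted access to a file under /config/. Tune `TRAVERSAL_PATTERNS` and `FAILED_AUTH_THRESHOLD` to your own baseline before alerting on the output.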