CVE-2024-24320
📋 TL;DR
This directory traversal vulnerability in Mgt-commerce CloudPanel allows an authenticated attacker to read arbitrary files and execute arbitrary code by supplying traversal sequences (../) in the service parameter of the load-logfiles function. It affects CloudPanel versions 2.0.0 through 2.4.0. A successful attacker can read sensitive files (credentials, configuration) and, from there, obtain remote code execution on the host.
💻 Affected Systems
- Mgt-commerce CloudPanel
📦 What is this software?
CloudPanel by MGT-COMMERCE is a web-based server control panel for managing websites, databases and related services on Linux hosts. Its admin interface is what exposes the vulnerable load-logfiles function, so every host running the panel is in scope.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with remote code execution, data exfiltration, and lateral movement within the network.
Likely Case
Unauthorized file access leading to credential theft, configuration exposure, and potential privilege escalation.
If Mitigated
Limited impact when the admin interface is reachable only from trusted networks, credentials are strong and monitored, and the CloudPanel process runs with the least file system privilege it needs: the traversal reads files with the rights of that process, so permissions only help if it is not running as root.
🎯 Exploit Status
Exploitation requires authenticated access to the CloudPanel interface but is straightforward once credentials are obtained: the attacker places a traversal sequence in the service parameter of a load-logfiles request. Treat any exposed instance with weak or reused admin credentials as exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.4.1 or later
Vendor Advisory: https://www.cloudpanel.io/docs/v2/security/
Restart Required: Yes
Instructions:
1. Back up your configuration and data.
2. Update CloudPanel to version 2.4.1 or later using the official update mechanism.
3. Restart the CloudPanel service.
4. Verify the update was successful (see How to Verify below).
🔧 Temporary Workarounds
Restrict Access to CloudPanel
Limit CloudPanel access (default port 8443) to trusted IP addresses only using firewall rules. Replace TRUSTED_IP with your management address or range, and make sure no earlier rule already accepts the port, otherwise the appended DROP is never reached.
# allow the management address, then drop everyone else on the CloudPanel port
iptables -A INPUT -p tcp --dport 8443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j DROP
Implement Web Application Firewall
Deploy a WAF with directory traversal protection rules to block exploitation attempts. Make sure the rule set normalizes URL-encoded and double-encoded sequences (%2e%2e%2f, %252e%252e%252f) and backslashes rather than matching only a literal ../, or the protection is trivially bypassed. A WAF reduces exposure but is not a substitute for the patch.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate CloudPanel instances from critical systems.
- Enforce strong authentication policies and monitor for suspicious login attempts.
🔍 How to Verify
Check if Vulnerable:
Check the CloudPanel version via the admin interface or the installation's version file. Versions 2.0.0 through 2.4.0 are vulnerable.
Check Version:
The admin interface is the authoritative source. The paths and command below are only examples and may not exist on your installation; adjust them to where your CloudPanel is installed.
grep -i version /opt/cloudpanel/version.txt || cloudpanel --version
Verify Fix Applied:
Verify the CloudPanel version is 2.4.1 or later. On a non-production instance you can additionally send an authenticated load-logfiles request whose service parameter contains a traversal sequence pointing at a harmless file outside the log directory and confirm the request is rejected instead of returning file contents.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in CloudPanel logs
- Multiple failed authentication attempts followed by load-logfiles requests
Network Indicators:
- HTTP requests to load-logfiles whose service parameter contains ../ or ..\ sequences, including URL-encoded forms such as %2e%2e%2f and double-encoded %252e%252e%252f
- A 200 response with a non-trivial body to such a request on an unpatched instance indicates the file was likely returned
SIEM Query (pseudo-syntax, adapt to your SIEM's field names and decode the parameter before matching):
source="cloudpanel.log" AND uri="/load-logfiles" AND (service CONTAINS "../" OR service CONTAINS "..\" OR service CONTAINS "%2e%2e")
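The network indicators above can be turned into a log-scanning check. The script below is an added example written for this advisory, not CloudPanel code or a vendor tool. It assumes the web server in front of CloudPanel writes NCSA combined-style access logs, that the vulnerable endpoint's path contains "load-logfiles", and that the traversal value arrives in a query parameter named "service"; the log lines it scans are constructed for illustration. It percent-decodes the parameter repeatedly so single- and double-encoded traversal is caught, treats backslashes as separators, and reports the source address and response status of each hit.

```python
"""Flag CVE-2024-24320 traversal attempts against CloudPanel's load-logfiles
endpoint in web-server access logs.

Added example for this advisory, not CloudPanel code. Assumptions: the front-end
web server writes NCSA combined-style access logs, the endpoint path contains
"load-logfiles", and the traversal arrives in a query parameter named "service".
Parameters sent in a POST body do not appear in access logs and are not seen here.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log prefix: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real CloudPanel traffic); documentation-range IPs.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /load-logfiles?service=nginx HTTP/1.1" 200 5120',
    '203.0.113.10 - - [10/Mar/2024:12:00:05 +0000] "GET /load-logfiles?service=../../../../etc/passwd HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Mar/2024:12:00:09 +0000] "GET /load-logfiles?service=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 153',
    '198.51.100.7 - - [10/Mar/2024:12:00:12 +0000] "GET /load-logfiles?service=%252e%252e%252fhome%252fclp HTTP/1.1" 200 300',
    '192.0.2.44 - - [10/Mar/2024:12:01:00 +0000] "GET /login?next=../load-logfiles HTTP/1.1" 200 1200',
]


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %252e%252e%252f is seen as ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True if any path segment is '..', with / and \\ both treated as separators."""
    normalized = decode_fully(value).replace("\\", "/")
    return ".." in normalized.split("/")


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs decodes one layer of percent-encoding; decode_fully handles the rest.
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    return rec


def is_cve_2024_24320_attempt(rec) -> bool:
    """Request targets load-logfiles and its service parameter traverses directories."""
    if rec is None or "load-logfiles" not in rec["path"]:
        return False
    return any(has_traversal(v) for v in rec["params"].get("service", []))


def scan(lines):
    """Return (ip, status, decoded service value) for each suspicious request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if is_cve_2024_24320_attempt(rec):
            value = decode_fully(rec["params"]["service"][0])
            hits.append((rec["ip"], rec["status"], value))
    return hits


def by_source(hits):
    """Count hits per source address to spot a single host probing repeatedly."""
    return Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, status, value in found:
        print(f"{ip} status={status} service={value!r}")
    print("per source:", dict(by_source(found)))
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines. A 200 with a sizeable response body on a flagged request is the line to investigate first, since on an unpatched instance that is the pattern of a file actually being returned; a 403 shows the WAF or firewall workaround doing its job. The last sample line is deliberately a non-hit: the traversal text is in a different endpoint's parameter, which is noise rather than this CVE.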