CVE-2024-27776 – CVE-2024-27776 is a critical path traversal vul... (How to Fix)

Q: What is the severity of CVE-2024-27776?

CVE-2024-27776 has a CVSS score of 9.8 (CRITICAL). CVE-2024-27776 is a critical path traversal vulnerability in MileSight DeviceHub that allows unauthenticated attackers to execute arbitrary code on affected systems. This vulnerability enables remote code execution by exploiting improper pathname restrictions. All organizations using vulnerable versions of MileSight DeviceHub are affected.

📋 TL;DR

CVE-2024-27776 is a critical path traversal vulnerability in MileSight DeviceHub that allows unauthenticated attackers to execute arbitrary code on affected systems. This vulnerability enables remote code execution by exploiting improper pathname restrictions. All organizations using vulnerable versions of MileSight DeviceHub are affected.

💻 Affected Systems

Products:

MileSight DeviceHub

Versions: Specific versions not detailed in provided references; all versions before patched release are likely affected

Operating Systems: Likely cross-platform as it's a software vulnerability

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability appears to affect default configurations based on the unauthenticated nature and path traversal description.

📦 What is this software?

Devicehub by Milesight

View all CVEs affecting Devicehub →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install malware, steal sensitive data, pivot to internal networks, and establish persistent backdoors.

🟠

Likely Case

Unauthenticated remote code execution leading to ransomware deployment, data exfiltration, or system disruption.

🟢

If Mitigated

Limited impact if proper network segmentation, web application firewalls, and strict access controls are implemented.

🌐 Internet-Facing: HIGH - Unauthenticated RCE with CVSS 9.8 score makes internet-facing instances extremely vulnerable to widespread exploitation.

🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or attackers who breach perimeter defenses.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity, and the CVSS 9.8 score suggests weaponization is likely even without public PoC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not provided in references; check vendor advisory

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: Yes

Instructions:

1. Check the vendor advisory for patched version. 2. Backup configuration and data. 3. Apply the security patch from MileSight. 4. Restart the DeviceHub service. 5. Verify the fix is applied.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate MileSight DeviceHub from internet and restrict internal access

Configure firewall rules to block external access to DeviceHub ports

Web Application Firewall

all

Implement WAF rules to block path traversal patterns

Add WAF rule: deny requests containing '../' or similar path traversal sequences

🧯 If You Can't Patch

Immediately isolate the system from all networks and internet access
Implement strict network access controls allowing only essential connections from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check DeviceHub version against vendor advisory; test with controlled path traversal attempts if authorized

Check Version:

Check DeviceHub web interface or configuration files for version information

Verify Fix Applied:

Verify installed version matches patched version from vendor; test that path traversal attempts are properly blocked

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Requests containing '../' sequences
Unexpected process execution

Network Indicators:

Unusual outbound connections from DeviceHub
Traffic to unexpected ports or IPs

SIEM Query:

source="DeviceHub" AND (url="*../*" OR process="unexpected_executable")

📊 Metadata

CVE ID: CVE-2024-27776

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: June 2, 2024

Last Updated: April 10, 2025

🔗 References

https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27776, you might also want to check these: