CVE-2024-35526
📋 TL;DR
This vulnerability in the FarCry Core framework allows attackers to access sensitive information stored in the /facade directory without authentication. It affects all systems running FarCry Core versions before 7.2.14. The exposed information could include configuration files, credentials, or other sensitive data.
💻 Affected Systems
- Daemon PTY Limited FarCry Core framework
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials, database connection strings, API keys, or other sensitive configuration data leading to complete system compromise.
Likely Case
Attackers access configuration files containing sensitive information that could be used for further attacks or data exfiltration.
If Mitigated
Limited exposure of non-critical configuration data with no direct path to system compromise.
🎯 Exploit Status
Exploitation appears to be simple directory traversal or direct file access without authentication requirements.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.2.14
Vendor Advisory: https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html
Restart Required: Yes
Instructions:
1. Back up your current installation.
2. Download FarCry Core version 7.2.14 or later.
3. Replace the existing installation with the patched version.
4. Restart the application server.
5. Verify the /facade directory is no longer accessible.
🔧 Temporary Workarounds
Restrict /facade directory access
Configure the web server to block access to the /facade directory
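# For Apache 2.4: add to the server or virtual host configuration
# (<Directory> sections are not permitted in .htaccess)
# Apache 2.2 equivalent: Order deny,allow / Deny from all
<Directory "/path/to/facade">
    Require all denied
</Directory>
# For Nginx: add to server block
location /facade {
    deny all;
    return 403;
}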
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the FarCry Core application
- Deploy a web application firewall (WAF) with rules to block access to /facade directory patterns
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[your-server]/facade/ or similar paths. If you can access files in this directory, the system is vulnerable.
Check Version:
Check the FarCry Core version in the application administration panel or configuration files.
Verify Fix Applied:
After patching, attempt to access the /facade directory. You should receive a 403 Forbidden or 404 Not Found error.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to /facade/* requests
- Unusual file access patterns to facade directory
- Multiple failed authentication attempts followed by facade directory access
Network Indicators:
- HTTP GET requests to /facade/* paths
- Traffic patterns showing directory traversal attempts
SIEM Query:
source="web_server_logs" AND (uri_path="/facade/*" OR uri_path CONTAINS "/facade/") AND response_code=200
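The log indicator above (successful responses to /facade/* requests) and the post-fix expectation of 403/404, as an added example that is not part of the original page: a Python check over web server access logs. It assumes Apache/Nginx "combined" log format and case-insensitive path matching; the sample lines, IP addresses and file names are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/Nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2024:10:00:01 +0000] "GET /facade/ HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jun/2024:10:00:02 +0000] "GET //Facade/example-file?x=1 HTTP/1.1" 200 2048 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Jun/2024:10:05:00 +0000] "GET /facade/example-file HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jun/2024:10:06:00 +0000] "GET /index.cfm HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jun/2024:10:07:00 +0000] "GET /facades/list HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

def normalized_path(target):
    """Drop the query string, percent-decode, collapse '//' and '..', lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_facade(path):
    # Match the directory itself and anything below it, but not /facades.
    return path == "/facade" or path.startswith("/facade/")

def facade_summary(lines):
    """Per client IP: /facade requests that were served (2xx) vs blocked (403/404)."""
    summary = defaultdict(lambda: {"served": 0, "blocked": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_facade(normalized_path(m["target"])):
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            summary[m["ip"]]["served"] += 1
        elif status in (403, 404):
            summary[m["ip"]]["blocked"] += 1
    return dict(summary)

if __name__ == "__main__":
    for ip, counts in facade_summary(SAMPLE_LOG).items():
        flag = "ALERT" if counts["served"] else "ok"
        print(f"{flag:5} {ip} served={counts['served']} blocked={counts['blocked']}")
```

Any client with a non-zero "served" count received content from /facade and warrants review; after patching or applying the workaround, only "blocked" counts should appear.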