CVE-2024-38449
📋 TL;DR
This CVE describes a directory traversal vulnerability in KasmVNC that allows authenticated remote attackers to access files and directories outside the intended application scope. Attackers can read sensitive files on the server, potentially exposing configuration data, credentials, or other confidential information. This affects KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and earlier versions.
💻 Affected Systems
- KasmVNC
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files, configuration files, or credentials, leading to complete system compromise, data exfiltration, or lateral movement within the network.
Likely Case
Attackers with valid credentials can read files outside the VNC directory, potentially accessing application configuration, logs, or other sensitive data stored on the server.
If Mitigated
With proper network segmentation, strong authentication controls, and file system permissions, impact is limited to reading files accessible to the KasmVNC process user.
🎯 Exploit Status
Exploitation requires valid VNC credentials. The directory traversal can be performed through the file transfer feature using path traversal sequences like '../'.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 or later (check for specific patched version)
Vendor Advisory: https://kasmweb.atlassian.net/servicedesk/customer/portal/3/topic/30ffee7f-4b85-4783-b118-6ae4fd8b0c52
Restart Required: Yes
Instructions:
1. Update KasmVNC to the latest version.
2. Restart the KasmVNC service.
3. Verify the fix by testing directory traversal attempts.
🔧 Temporary Workarounds
Disable file transfer feature
(all platforms) Disable the file transfer functionality in the KasmVNC configuration to prevent exploitation of this vulnerability.
Edit the KasmVNC configuration file and set 'FileTransfer' to 'false', or remove file transfer permissions.
Restrict VNC user permissions
(Linux) Run KasmVNC with a limited user account that has minimal file system access.
Create dedicated user for KasmVNC: 'sudo useradd -r -s /bin/false kasmvnc'
Run KasmVNC as this user: 'sudo -u kasmvnc kasmvnc_command'
🧯 If You Can't Patch
- Implement strict network access controls to limit VNC access to trusted IPs only.
- Use application-level firewalls to block directory traversal patterns in VNC traffic.
🔍 How to Verify
Check if Vulnerable:
Test if authenticated VNC sessions can access files outside the intended directory using path traversal sequences (e.g., '../../etc/passwd').
Check Version:
Run 'kasmvnc --version', or check the installed package version via the system package manager.
Verify Fix Applied:
After patching, attempt the same directory traversal tests and verify they are blocked or return appropriate errors.
📡 Detection & Monitoring
Log Indicators:
- Failed file access attempts with path traversal patterns
- Unusual file read operations from VNC user account
- Multiple '../' sequences in file transfer requests
Network Indicators:
- VNC traffic containing path traversal sequences in file transfer operations
- Unusual file read patterns over VNC protocol
SIEM Query:
source="kasmvnc.log" AND ("../" OR "..\\" OR "%2e%2e%2f")
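The substring query above misses mixed-case and double-encoded sequences and also fires on harmless names that merely contain two dots. The following is an added example, not part of the original advisory or of KasmVNC: it decodes each requested path, then resolves it against the served directory to separate requests that actually leave it from ones that stay inside. The log format (a path="..." field), the base directory, and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: directory the file transfer feature is meant to serve.
BASE_DIR = "/home/kasm-user/Downloads"
# Assumption: requested paths are logged as path="..." (constructed format).
PATH_FIELD = re.compile(r'path="([^"]*)"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line, base_dir=BASE_DIR):
    """Return 'escape', 'traversal' (stays inside base_dir) or None."""
    match = PATH_FIELD.search(line)
    if not match:
        return None
    path = fully_decode(match.group(1)).replace("\\", "/")
    if ".." not in path.split("/"):
        return None  # no parent-directory segment, e.g. "my..file.txt"
    resolved = posixpath.normpath(posixpath.join(base_dir, path))
    inside = resolved == base_dir or resolved.startswith(base_dir + "/")
    return "traversal" if inside else "escape"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines, not real KasmVNC output.
SAMPLE_LOG = [
    '2024-06-20 10:01:02 user=alice op=download path="report.pdf"',
    '2024-06-20 10:01:09 user=alice op=download path="../../etc/passwd"',
    '2024-06-20 10:01:15 user=alice op=download path="%2e%2e%2f%2E%2E%2Fetc%2Fshadow"',
    '2024-06-20 10:01:21 user=alice op=download path="%252e%252e%252f..%5c..%5cetc%5chosts"',
    '2024-06-20 10:02:40 user=bob op=download path="docs/../notes.txt"',
    '2024-06-20 10:03:05 user=bob op=download path="my..file.txt"',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {SAMPLE_LOG[number - 1]}")
```

Lines marked 'escape' resolve outside the base directory and are the ones to alert on; 'traversal' lines stay inside it and are usually worth only a lower-severity record.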
🔗 References
- https://github.com/kasmtech/KasmVNC/issues/254
- https://kasmweb.atlassian.net/servicedesk/customer/portal/3/topic/30ffee7f-4b85-4783-b118-6ae4fd8b0c52
- https://kasmweb.com/kasmvnc