CVE-2024-41163

7.5 HIGH

📋 TL;DR

An unauthenticated directory traversal vulnerability in the archive functionality of Veertu Anka Build lets a remote attacker read files outside the intended archive directory with a single crafted HTTP request. It affects Anka Build 1.42.0 and can expose configuration files, credentials, or other sensitive data that the service account is able to read on the host.

💻 Affected Systems

Products:
  • Veertu Anka Build
Versions: 1.42.0
Operating Systems: macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The archive functionality's HTTP endpoint is exposed in the default configuration; no configuration change is needed to reach it.

📦 What is this software?

Anka is Veertu's macOS virtualization platform for running macOS virtual machines on Apple hardware. Anka Build is its CI/CD build-infrastructure layer, which schedules macOS VMs for build jobs and stores the VM templates those jobs run from.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Credentials, keys, or configuration files read from disk are reused against other systems, turning a read-only file disclosure into lateral movement, data exfiltration, and ultimately broader compromise of the build environment.

🟠

Likely Case

Disclosure of configuration files, environment files, or credentials stored in directories the Anka Build service account can read; the traversal is bounded by that account's file permissions, not by the archive directory.

🟢

If Mitigated

Limited impact if network segmentation and access controls keep untrusted clients from reaching the vulnerable endpoint. The flaw itself remains until the patch is applied; mitigation only shrinks who can trigger it.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a crafted HTTP request to the archive endpoint; no credentials, session, or user interaction are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.42.1 or later

Vendor Advisory: https://veertu.com/security-advisories/

Restart Required: Yes

Instructions:

1. Download the latest version from the Veertu website.
2. Stop the Anka Build service.
3. Install the updated version.
4. Restart the service.

🔧 Temporary Workarounds

Network Access Restriction

Platform: all

Restrict network access to the Anka Build HTTP endpoints with firewall rules: allow only the CI and administrative networks that need them, then deny everything else. A blanket deny also cuts off legitimate build agents, so put the allow rule first. The rules below assume the service listens on TCP 8080 (as this page does) and that 10.0.0.0/8 is the trusted network; adjust both to your deployment.

sudo ufw allow from 10.0.0.0/8 to any port 8080 proto tcp
sudo ufw deny 8080/tcp
sudo iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

Reverse Proxy with Path Validation

Platform: all

Place the service behind a reverse proxy that canonicalizes the request path (percent-decoding it, including double-encoded forms, and collapsing .. segments) before deciding whether to forward it, and rejects any archive request whose resolved path would leave the archive directory. A proxy that only blocks the literal string "../" is bypassed by %2e%2e%2f.
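The following is an added example, not Veertu's code and not code from this page. It puts the vulnerable pattern (string-joining the request path onto a base directory) next to the containment check that a path-validating reverse proxy, or the archive handler itself, has to perform. ARCHIVE_ROOT, the function names, and the request paths are assumptions made for the illustration.

```python
"""Added example (not Veertu's code): naive path join vs. a containment check.
ARCHIVE_ROOT and the sample request paths are assumptions for illustration."""
import posixpath
from typing import Optional
from urllib.parse import unquote

ARCHIVE_ROOT = "/var/anka/archives"  # assumed location, for illustration only


def naive_resolve(requested: str) -> str:
    """Vulnerable pattern: the request path is appended to the base directory
    with no canonicalisation, so "../../../etc/passwd" walks out of the root."""
    return ARCHIVE_ROOT + "/" + requested


def decode_fully(raw: str) -> str:
    """Percent-decode until the value stops changing, so %2e%2e%2f and the
    double-encoded %252e%252e%252f both surface as "../"."""
    while (decoded := unquote(raw)) != raw:
        raw = decoded
    return raw


def safe_resolve(requested: str) -> Optional[str]:
    """Hardened: decode, normalise separators, collapse ".." segments, then
    require the result to still lie under ARCHIVE_ROOT. Returns the absolute
    path, or None when the request would escape the root."""
    decoded = decode_fully(requested).replace("\\", "/")
    if "\x00" in decoded:  # NUL truncation trick against C-backed file APIs
        return None
    # normpath collapses "a/../b" -> "b"; leading slashes are stripped so an
    # absolute request path cannot replace the root inside posixpath.join.
    candidate = posixpath.normpath(posixpath.join(ARCHIVE_ROOT, decoded.lstrip("/")))
    if candidate != ARCHIVE_ROOT and not candidate.startswith(ARCHIVE_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for p in ["build-42.tar.gz", "../../../etc/passwd", "%2e%2e%2f%2e%2e%2fetc/passwd",
              "%252e%252e%252fetc/hosts", "..%5c..%5cetc/passwd"]:
        print(f"{p!r:40} naive={naive_resolve(p)!r:55} safe={safe_resolve(p)!r}")
```

The decisive step is the containment test on the canonical path, not a search for "..": a blocklist of sequences is what encoding bypasses defeat. On a real filesystem, resolve the candidate with os.path.realpath as well, so a symlink inside the archive directory cannot point the request back outside it.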

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Anka Build from untrusted networks.
  • Deploy a web application firewall (WAF) with directory traversal rules that match on the decoded path, not just the literal "../" string.
  • Run the service under a dedicated low-privilege account so that a successful traversal can only read what that account can read.

🔍 How to Verify

Check if Vulnerable:

Check whether the installed version is Anka Build 1.42.0 using the version command or the service status output.

Check Version:

anka version | grep Build

Verify Fix Applied:

Confirm the version reports 1.42.1 or later. Then, on a system you are authorized to test, send a request to the archive endpoint with a path containing ../ sequences (including a percent-encoded form such as %2e%2e%2f) and confirm the server rejects it with an error status rather than returning file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to the archive endpoint whose path contains ../ or ..\ sequences, including percent-encoded forms (%2e%2e%2f, ..%2f) and double-encoded forms (%252e%252e%252f)
  • Traversal-path requests answered with a 2xx status and a non-zero response size: these are the attempts most likely to have returned file contents, so triage them first
  • Unusual file access patterns in web logs, such as one client requesting many distinct paths in quick succession

Network Indicators:

  • HTTP requests containing directory traversal sequences (../, ..\ or their percent-encoded equivalents) to the Anka Build HTTP port (8080 in this page's examples; confirm the listener in your deployment)

SIEM Query:

source="anka.log" AND "archive" AND ("../" OR "%2e%2e" OR "..%2f" OR "%252e")

A literal "../" match alone misses encoded attempts; if your SIEM exposes a URL-decoded request field, search that instead of the raw line.
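The log scan described above, as an added example that is not part of this page and not Veertu's code: it parses access-log lines, percent-decodes the request path until it stops changing, and flags archive requests whose decoded path contains a ".." segment, marking those the server answered with 2xx. The log layout, the /archive path prefix, and the sample lines are constructed assumptions for the demo.

```python
"""Added example (not from this page or Veertu): flag traversal attempts
against the archive endpoint in access-log lines after percent-decoding.
Log layout, the /archive prefix and the sample lines are constructed."""
import re
from urllib.parse import unquote

# Assumed common-log-format layout: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path segment bounded by / or \ (or the string edges).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Constructed sample lines: one legitimate download, three traversal attempts
# (plain, percent-encoded, double-encoded), one unrelated request.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2024:10:01:02 +0000] "GET /archive/build-42.tar.gz HTTP/1.1" 200 10240
203.0.113.9 - - [12/Aug/2024:10:01:07 +0000] "GET /archive/../../../etc/passwd HTTP/1.1" 200 1832
203.0.113.9 - - [12/Aug/2024:10:01:09 +0000] "GET /archive/%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0
203.0.113.9 - - [12/Aug/2024:10:01:11 +0000] "GET /archive/%252e%252e%252fetc/hosts HTTP/1.1" 200 220
10.0.0.5 - - [12/Aug/2024:10:02:30 +0000] "GET /status HTTP/1.1" 200 51
"""


def decode_fully(raw: str) -> str:
    """Percent-decode until stable, so nested encodings collapse to "../"."""
    while (decoded := unquote(raw)) != raw:
        raw = decoded
    return raw


def find_traversal_attempts(log_text: str, endpoint: str = "/archive") -> list:
    """Return one dict per request under `endpoint` whose decoded path holds a
    ".." segment. `success` is True for a 2xx answer, i.e. the attempt most
    likely returned file contents and should be triaged first."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        decoded = decode_fully(m["path"]).split("?", 1)[0]
        if decoded.startswith(endpoint) and TRAVERSAL_RE.search(decoded):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"], "time": m["ts"], "raw_path": m["path"],
                "decoded_path": decoded, "status": status,
                "success": 200 <= status < 300,
            })
    return hits


if __name__ == "__main__":
    for h in find_traversal_attempts(SAMPLE_LOG):
        flag = "SUCCESS" if h["success"] else "blocked"
        print(f'{h["time"]} {h["ip"]} {flag} {h["raw_path"]} -> {h["decoded_path"]}')
```

Running it on the constructed sample flags the three requests from 203.0.113.9 and none of the legitimate traffic; the %2e%2e and %252e lines are only caught because decoding happens before the pattern match, which is exactly what a raw-string SIEM search skips.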
