CVE-2024-45241

7.5 HIGH

📋 TL;DR

This CVE describes a path traversal vulnerability in CentralSquare CryWolf's GeneralDocs.aspx file that allows unauthenticated attackers to read files outside the web directory by manipulating the rpt parameter. This can lead to disclosure of sensitive information like configuration files, credentials, or system data. All systems running CentralSquare CryWolf False Alarm Management through version 2024-08-09 are affected.

💻 Affected Systems

Products:
  • CentralSquare CryWolf False Alarm Management Solution
Versions: through 2024-08-09
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability exists in the web application component.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through credential theft from configuration files, followed by lateral movement and data exfiltration.

🟠 Likely Case: Sensitive information disclosure including database credentials, system files, and application configuration data.

🟢 If Mitigated: Limited impact with proper network segmentation and file system permissions restricting access to sensitive files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists on GitHub. Exploitation requires only web access and knowledge of the vulnerable parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.centralsquare.com/solutions/public-safety-software/public-safety-agency-operations/crywolf-false-alarm-management-solution

Restart Required: No

Instructions:

Contact CentralSquare for patch information. Monitor vendor communications for security updates.

🔧 Temporary Workarounds

Input Validation Filter
  • Implement input validation to block path traversal sequences in the rpt parameter
  • Implement web application firewall rules or application-level filtering for '../', '..\', and similar sequences

Access Restriction
  • Restrict access to the GeneralDocs.aspx file
  • Configure the web server to require authentication for GeneralDocs.aspx
  • Implement IP whitelisting for the endpoint

🧯 If You Can't Patch

  • Implement network segmentation to isolate CryWolf systems from sensitive data stores
  • Deploy web application firewall with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Test by requesting GeneralDocs.aspx with an rpt parameter containing path traversal sequences such as '../../windows/win.ini'

Check Version:

Check application version through administrative interface or contact vendor

Verify Fix Applied:

Verify that path traversal attempts return error messages or are blocked, and that normal file access functions correctly

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file access attempts with traversal sequences
  • Unusual file access patterns from single IPs
  • Access to GeneralDocs.aspx with suspicious rpt parameter values

Network Indicators:

  • HTTP requests to GeneralDocs.aspx with '../' sequences in parameters
  • Unusual file download patterns from the application

SIEM Query:

source="web_logs" AND uri="*GeneralDocs.aspx*" AND (param="*../*" OR param="*..\\*")
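The SIEM query above matches only literal '../' and '..\' sequences, so percent-encoded or double-encoded requests (%2e%2e%2f, %252e%252e) slip past it. The following is an added example, not part of this advisory or of the vendor's tooling: it scans W3C-format IIS log lines (the field order and the sample log lines are constructed here), decodes the rpt parameter repeatedly, flags GeneralDocs.aspx requests carrying a traversal segment, and counts hits per client IP.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Matches a ".." path segment bounded by "/" or "\" (or string start/end), checked after decoding.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def decode_fully(value: str, rounds: int = 3) -> str:
    """Strip up to `rounds` layers of percent-encoding so double-encoded %252e%252e is caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_rpt(uri_stem: str, query: str):
    """Return the decoded rpt value when a GeneralDocs.aspx request carries a traversal sequence, else None."""
    if not uri_stem.lower().endswith("generaldocs.aspx"):
        return None
    for raw in parse_qs(query, keep_blank_values=True).get("rpt", []):
        decoded = decode_fully(raw)  # parse_qs already removed one encoding layer
        if TRAVERSAL.search(decoded):
            return decoded
    return None

def scan_iis_log(lines):
    """Return (client_ip, decoded_rpt) per matching line; assumes W3C field order
    date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip ..."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 9:
            continue
        query = "" if fields[5] == "-" else fields[5]
        found = suspicious_rpt(fields[4], query)
        if found:
            hits.append((fields[8], found))
    return hits

def hits_by_ip(lines) -> Counter:
    """Count matching requests per client IP; repeated hits from one IP are the stronger signal."""
    return Counter(ip for ip, _ in scan_iis_log(lines))

# Constructed sample log lines (not real traffic); 192.0.2.x and 198.51.100.x are documentation ranges.
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-08-10 10:00:01 10.0.0.5 GET /CryWolf/GeneralDocs.aspx rpt=Summary.pdf 443 - 192.0.2.10 Mozilla/5.0 200
2024-08-10 10:00:02 10.0.0.5 GET /CryWolf/GeneralDocs.aspx rpt=..%2F..%2Fwindows%2Fwin.ini 443 - 198.51.100.7 curl/8.0 200
2024-08-10 10:00:03 10.0.0.5 GET /CryWolf/GeneralDocs.aspx rpt=%252e%252e%255c%252e%252e%255cwindows%255cwin.ini 443 - 198.51.100.7 curl/8.0 200
2024-08-10 10:00:04 10.0.0.5 GET /CryWolf/Default.aspx - 443 - 192.0.2.10 Mozilla/5.0 200
""".splitlines()
```

Run `scan_iis_log(SAMPLE_LOG)` against exported IIS logs to list offending requests; the benign Summary.pdf request and the non-GeneralDocs request produce no hit, while both encoded traversal requests do.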
