CVE-2024-46645
📋 TL;DR
CVE-2024-46645 is a directory traversal vulnerability in eNMS 4.0.0 that allows attackers to read arbitrary files on the server via the get_tree_files function. This affects all deployments running eNMS 4.0.0. Attackers can potentially access sensitive configuration files, credentials, or other system data.
💻 Affected Systems
- eNMS
📦 What is this software?
eNMS by eNMS
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through reading sensitive files like /etc/passwd, SSH keys, database credentials, or application configuration files containing secrets.
Likely Case
Information disclosure of sensitive files, potentially leading to credential theft and further system access.
If Mitigated
Limited impact if proper file permissions and web server restrictions are in place, though sensitive data may still be exposed.
🎯 Exploit Status
Directory traversal vulnerabilities are typically easy to exploit with simple path manipulation. The GitHub reference shows proof of concept details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Monitor the eNMS project for security updates.
2. Consider upgrading to a newer version if one is available.
3. Apply the workarounds below until an official patch is released.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement proper input validation to reject directory traversal sequences like ../, ..\, or absolute paths, and resolve the requested path against the intended base directory before opening it.
# Modify the get_tree_files function to resolve the requested path against the intended base directory and reject anything that escapes it
# Example Python snippet (normpath().lstrip(os.sep) alone is not enough, since it keeps ".." components):
# import os; base = os.path.realpath(BASE_DIR); candidate = os.path.realpath(os.path.join(base, user_input))
# if os.path.commonpath([base, candidate]) != base: raise ValueError("path escapes base directory")
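As an added example (not code from the eNMS project or from this advisory), the following Python puts the containment check the workaround calls for next to the weaker normpath-and-strip pattern, so the difference is visible on constructed input. `resolve_under`, `weak_sanitize`, `PathEscapeError` and the temporary directory layout in `demo()` are assumptions for illustration, not eNMS's actual `get_tree_files` signature or file layout.

```python
import os
import tempfile


class PathEscapeError(ValueError):
    """Raised when a requested path would resolve outside the allowed base."""


def weak_sanitize(base_dir: str, requested: str) -> str:
    """The normpath-plus-lstrip pattern. It removes a leading separator but keeps
    '..' components, so the joined path can still leave base_dir."""
    safe_path = os.path.normpath(requested).lstrip(os.sep)
    return os.path.join(base_dir, safe_path)


def resolve_under(base_dir: str, requested: str) -> str:
    """Return the absolute path of `requested` inside `base_dir`, or raise
    PathEscapeError. Hypothetical helper a file-serving handler would call
    before opening anything."""
    if "\x00" in requested:
        raise PathEscapeError("NUL byte in path")
    # Treat backslashes as separators too, so '..\\x' is not a plain file name
    # on POSIX hosts where only '/' separates components.
    normalized = requested.replace("\\", "/")
    if os.path.isabs(normalized):
        raise PathEscapeError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks, so a link inside the base
    # that points outside it is caught as well.
    candidate = os.path.realpath(os.path.join(base, normalized))
    # commonpath works per component: '/srv/files2' is not inside '/srv/files'.
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscapeError(f"{requested!r} resolves outside {base}")
    return candidate


def demo() -> dict:
    """Constructed layout: <tmp>/files is the allowed base, <tmp>/outside holds a
    file that must stay unreachable, and files/link is a symlink to outside."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "files")
    outside = os.path.join(root, "outside")
    os.makedirs(os.path.join(base, "docs"))
    os.makedirs(outside)
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("constructed secret\n")
    os.symlink(outside, os.path.join(base, "link"))

    results = {}
    for name in ("docs/readme.txt", "../outside/secret.txt",
                 "..\\outside\\secret.txt", "link/secret.txt", "/etc/hostname"):
        try:
            resolve_under(base, name)
            results[name] = "allowed"
        except PathEscapeError:
            results[name] = "rejected"
    # The weak pattern builds a path that really points at the secret file.
    results["weak_escapes"] = os.path.exists(weak_sanitize(base, "../outside/secret.txt"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value}")
```

The symlink case is the one most simple string filters miss: the request `link/secret.txt` contains no `..` at all, yet it lands outside the base, which is why the check compares resolved real paths rather than the request text.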
Web Server Restrictions
Configure the web server to restrict access to sensitive directories and implement URL filtering.
# Apache (blocks the endpoint outright): <Location "/api/get_tree_files"> Require all denied </Location>
# Nginx: location blocks match the already-normalized $uri ("..": collapsed, query string excluded), so check the query string instead: location /api/get_tree_files { if ($args ~* "\.\.(/|%2f|%5c)|%2e%2e") { return 403; } }
🧯 If You Can't Patch
- Implement strict network access controls to limit eNMS access to trusted networks only.
- Deploy a web application firewall (WAF) with directory traversal protection rules.
🔍 How to Verify
Check if Vulnerable:
Test by attempting to access files outside the intended directory using path traversal sequences like ../../etc/passwd in the get_tree_files parameter.
Check Version:
# Check eNMS version in web interface or configuration files
Verify Fix Applied:
Attempt the same directory traversal request after applying fixes. A successful fix should return an error or an empty result instead of file contents.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing ../, ..\, or similar traversal patterns in URL parameters
- Access to unexpected file paths in application logs
Network Indicators:
- Unusual file access patterns via the get_tree_files endpoint
- Requests attempting to access system files
SIEM Query:
source="web_logs" AND (uri_path="*get_tree_files*" AND (param="*../*" OR param="*..\\*"))
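The SIEM query above only matches literal `../` and `..\`. As an added example (not part of this advisory and not eNMS code), the following Python applies the same log indicators to constructed access-log lines, percent-decoding repeatedly so single- and double-encoded variants are caught, and separates attempts answered with 200 from those the server refused. The log lines, the `/api/get_tree_files` request shape and the `find_traversal_attempts` / `likely_successful` helpers are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in combined-log style; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /api/get_tree_files?path=docs/readme.txt HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /api/get_tree_files?path=../../etc/passwd HTTP/1.1" 200 1834
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /api/get_tree_files?path=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 403 0
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /api/get_tree_files?path=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 92
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 4096
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /static/..%5Capi/get_tree_files?path=x HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# '..' as a whole path component, following a separator or a parameter delimiter.
TRAVERSAL_RE = re.compile(r"(?:^|[/\\=?&])\.\.(?:[/\\]|$)")
ENDPOINT = "get_tree_files"


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '%252e' is seen as '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per request that targets the endpoint and carries a
    traversal component anywhere in the decoded path or query string."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = fully_decode(match.group("target"))
        if ENDPOINT not in target or not TRAVERSAL_RE.search(target):
            continue
        hits.append({
            "ip": line.split(" ", 1)[0],
            "status": int(match.group("status")),
            "request": target,
        })
    return hits


def likely_successful(hits: list) -> list:
    """Attempts answered with 200 deserve first attention: a file may have been served."""
    return [h for h in hits if h["status"] == 200]


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['ip']} {hit['status']} {hit['request']}")
    print(f"{len(likely_successful(found))} of {len(found)} attempts returned 200")
```

Decoding before matching is what makes the `%2e%2e` and `%252e` rows visible; a 200 response to such a request is the signal to pull the application's own logs for the file path actually opened.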