CVE-2024-54452

4.9 MEDIUM

📋 TL;DR

A directory traversal and local file inclusion vulnerability in Kurmi Provisioning Suite allows authenticated administrators to access arbitrary files accessible to the Kurmi user account. This could expose sensitive configuration files containing database credentials and other system information. The vulnerability affects versions before 7.9.0.35 and 7.10.x through 7.10.0.18.

💻 Affected Systems

Products:
  • Kurmi Provisioning Suite
Versions: before 7.9.0.35 and 7.10.x through 7.10.0.18
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication to exploit. The Kurmi user account must have read access to targeted files.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to database credentials and other sensitive configuration files, potentially leading to database compromise, privilege escalation, or lateral movement within the environment.

🟠 Likely Case

Malicious administrators or compromised admin accounts exfiltrate sensitive configuration data, including database passwords, leading to data exposure and potential credential reuse attacks.

🟢 If Mitigated

Limited exposure of non-critical files due to proper access controls and monitoring of administrative activities.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid administrator credentials. The vulnerability is in the logsSys.do page and involves directory traversal techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.9.0.35 and 7.10.0.19 or later

Vendor Advisory: https://kurmi-software.com/cve/cve-2024-54452/

Restart Required: Yes

Instructions:

  1. Download the patched version from Kurmi Software.
  2. Back up the current configuration and data.
  3. Install the update following vendor documentation.
  4. Restart the Kurmi Provisioning Suite services.

🔧 Temporary Workarounds

Restrict Administrative Access

Platforms: all

Limit administrator accounts to only trusted personnel and implement multi-factor authentication.

File System Permissions

Platforms: all

Restrict file system permissions for the Kurmi user account to only necessary directories.

🧯 If You Can't Patch

  • Implement strict monitoring and logging of all administrative access to the logsSys.do page.
  • Segment the network to isolate Kurmi Provisioning Suite from sensitive systems and databases.

🔍 How to Verify

Check if Vulnerable:

Check the Kurmi Provisioning Suite version in the administration interface or configuration files. Compare against affected version ranges.

Check Version:

Check the application web interface or consult Kurmi documentation for version checking commands specific to your installation.

Verify Fix Applied:

Verify the installed version is 7.9.0.35 or later, or 7.10.0.19 or later. Test the logsSys.do functionality with directory traversal attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to logsSys.do page
  • Multiple failed directory traversal attempts in application logs
  • Access to configuration files from unexpected IP addresses

Network Indicators:

  • HTTP requests containing directory traversal sequences (../, ..\) to logsSys.do endpoint

SIEM Query:

source="kurmi_logs" AND (url="*logsSys.do*" AND (url="*../*" OR url="*..\*"))
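The log and network indicators above, turned into detection logic over constructed web-server access-log lines. This is an added example, not code from the page or from Kurmi; the log layout, the /kurmi/logsSys.do path and the sample entries are assumptions. It percent-decodes the URL before matching so that encoded traversal sequences are not missed by a plain wildcard search.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a common access-log layout (assumption: not real
# Kurmi logs). Only requests to logsSys.do carrying ../ or ..\ should alert.
SAMPLE_LOGS = """\
10.0.0.5 - admin [12/Jan/2025:10:01:02 +0000] "GET /kurmi/logsSys.do?file=app.log HTTP/1.1" 200 5120
10.0.0.5 - admin [12/Jan/2025:10:01:09 +0000] "GET /kurmi/logsSys.do?file=../../../etc/kurmi/db.properties HTTP/1.1" 200 812
203.0.113.9 - admin [12/Jan/2025:10:02:15 +0000] "GET /kurmi/logsSys.do?file=..%2F..%2Fconf%2Fapp.xml HTTP/1.1" 200 2048
10.0.0.7 - alice [12/Jan/2025:10:03:00 +0000] "GET /kurmi/users.do?id=../x HTTP/1.1" 404 0
10.0.0.5 - admin [12/Jan/2025:10:04:30 +0000] "GET /kurmi/logsSys.do?file=..%5C..%5Cboot.ini HTTP/1.1" 200 100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Either traversal separator named in the indicators: ../ or ..\
TRAVERSAL_RE = re.compile(r'\.\.(/|\\)')


def decode_url(url: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times so encoded sequences (%2e%2e%2f) are caught."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def is_traversal_on_logssys(url: str) -> bool:
    """True when the request targets logsSys.do and carries a traversal sequence."""
    decoded = decode_url(url)
    path = decoded.split("?", 1)[0]
    return "/logssys.do" in path.lower() and bool(TRAVERSAL_RE.search(decoded))


def scan_logs(text: str) -> list:
    """Return one alert record per matching line; a 2xx status means the file was likely served."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_on_logssys(m["url"]):
            alerts.append({"ip": m["ip"], "user": m["user"], "url": m["url"],
                           "served": m["status"].startswith("2")})
    return alerts


if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS):
        print(alert)
```

Feed it the web-server or reverse-proxy access log in front of the suite; the `served` flag separates blocked attempts from ones that returned content.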
