CVE-2024-54453
📋 TL;DR
A path traversal vulnerability in Kurmi Provisioning Suite's DocServlet servlet allows remote attackers to read any file from the web application installation folder. This could expose sensitive files like obfuscated source code, configuration files, or credentials. Affected versions are before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15.
💻 Affected Systems
- Kurmi Provisioning Suite
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers retrieve sensitive configuration files containing database credentials, API keys, or encryption keys, leading to full system compromise, data exfiltration, or lateral movement.
Likely Case
Attackers access obfuscated source code to analyze for additional vulnerabilities, or retrieve configuration files that may contain sensitive information.
If Mitigated
Limited exposure of non-critical files if proper access controls and network segmentation are implemented.
🎯 Exploit Status
Path traversal vulnerabilities typically require minimal technical skill to exploit via crafted HTTP requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.9.0.35, 7.10.0.19, 7.11.0.16 or later
Vendor Advisory: https://kurmi-software.com/cve/cve-2024-54453/
Restart Required: Yes
Instructions:
1. Download the patched version from Kurmi Software.
2. Back up the current installation.
3. Apply the patch according to vendor instructions.
4. Restart the Kurmi Provisioning Suite service.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the Kurmi web application to trusted IP addresses only.
Web Server Configuration
Configure the web server (e.g., Apache, IIS) to block requests containing path traversal patterns such as '../' or absolute paths, including URL-encoded forms such as '%2e%2e%2f' so that encoding does not bypass the rule.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the Kurmi server from untrusted networks.
- Deploy a web application firewall (WAF) with rules to detect and block path traversal attempts.
🔍 How to Verify
Check if Vulnerable:
Check the Kurmi Provisioning Suite version via the web interface or configuration files. If the version falls within one of the affected ranges, assume the installation is vulnerable.
Check Version:
Check the web interface or consult the Kurmi documentation for the version check command specific to your installation.
Verify Fix Applied:
After patching, verify that the version is 7.9.0.35 or later (7.9 branch), 7.10.0.19 or later (7.10 branch), or 7.11.0.16 or later (7.11 branch). Test with controlled path traversal attempts to confirm they are blocked.
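The version comparison above is easy to get wrong by hand when three branches each have their own cut-off. The following Python script is an added example (not part of this page or of Kurmi's tooling): it encodes the affected ranges stated in the TL;DR and the patched versions from the Official Fix section, and reports whether a given four-component version string is inside an affected range and which listed release resolves it. The version string format (major.minor.patch.build) is assumed from the versions quoted on this page.

```python
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Ranges taken from the advisory text on this page:
#   before 7.9.0.35; 7.10.x up to and including 7.10.0.18;
#   7.11.x up to and including 7.11.0.15
AFFECTED_RANGES = [
    ((0, 0, 0, 0), (7, 9, 0, 34)),
    ((7, 10, 0, 0), (7, 10, 0, 18)),
    ((7, 11, 0, 0), (7, 11, 0, 15)),
]
# First patched release of each branch, from the "Official Fix" section
FIXED_VERSIONS = [(7, 9, 0, 35), (7, 10, 0, 19), (7, 11, 0, 16)]


def parse_version(text: str) -> Version:
    """Parse a four-component version string such as '7.10.0.12' (format assumed)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected four numeric components, got {text!r}")
    major, minor, patch, build = (int(p) for p in parts)
    return (major, minor, patch, build)


def is_affected(text: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges.

    Versions the advisory does not list (for example a future 7.12 branch)
    fall outside every range and therefore report as not affected; that is a
    statement about the advisory's ranges, not a guarantee about the software.
    """
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(text: str) -> Optional[str]:
    """Lowest listed patched version above an affected version, or None if not affected."""
    v = parse_version(text)
    if not is_affected(text):
        return None
    # Tuples compare lexicographically, so this picks the fix on the same
    # branch for 7.10.x/7.11.x and 7.9.0.35 for anything older than 7.9.0.35.
    target = min(f for f in FIXED_VERSIONS if f > v)
    return ".".join(str(n) for n in target)


if __name__ == "__main__":
    samples = ("7.8.3.2", "7.9.0.34", "7.9.0.35", "7.10.0.18", "7.10.0.19", "7.11.0.3")
    for sample in samples:
        if is_affected(sample):
            status = "AFFECTED -> upgrade to " + recommended_fix(sample)
        else:
            status = "not in affected ranges"
        print(f"{sample:10} {status}")
```

Run it against the version string read from the web interface or configuration file; a version that raises ValueError (fewer or more than four components) should be checked manually rather than assumed safe.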
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns to DocServlet endpoints
- Unusual file access patterns in web server logs
Network Indicators:
- HTTP requests with path traversal payloads (e.g., GET /DocServlet?file=../../../etc/passwd)
SIEM Query:
source="web_server_logs" AND uri="*DocServlet*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*")
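The SIEM query above matches literal and single-URL-encoded traversal sequences in DocServlet requests. The Python script below is an added example (not part of this page or of any SIEM product) that applies the same logic to raw web server access-log lines: it scopes to DocServlet, percent-decodes the URI repeatedly so that single- and double-encoded sequences are caught, and reports the client, URI and HTTP status so responders can separate attempts that were blocked from those that returned 200. The Apache/nginx "combined" log format and the sample lines are assumptions constructed for the example; the traversal payload is the one quoted in the Network Indicators section.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Apache/nginx "combined" access-log format (assumed; adjust for your server)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Literal traversal sequences after decoding: "../" or "..\"
TRAVERSAL_RE = re.compile(r"\.\.(/|\\)")

# Constructed sample lines (synthetic, not real traffic). Line 1 is a normal
# DocServlet download; lines 2-4 carry the same payload in literal, single-
# and double-encoded form; line 5 is outside DocServlet and out of scope.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2025:10:00:01 +0000] "GET /kurmi/DocServlet?file=manual.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.22 - - [10/Jan/2025:10:00:02 +0000] "GET /kurmi/DocServlet?file=../../../etc/passwd HTTP/1.1" 200 1320 "-" "curl/8.0"
203.0.113.22 - - [10/Jan/2025:10:00:03 +0000] "GET /kurmi/DocServlet?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1320 "-" "curl/8.0"
203.0.113.22 - - [10/Jan/2025:10:00:04 +0000] "GET /kurmi/DocServlet?file=..%255c..%255c..%255cetc%255cpasswd HTTP/1.1" 404 512 "-" "curl/8.0"
203.0.113.30 - - [10/Jan/2025:10:00:05 +0000] "GET /kurmi/login?next=../../ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def normalize_uri(uri: str) -> str:
    """Percent-decode repeatedly (bounded) so that single- and double-encoded
    sequences compare equal to their literal form. A single unquote() pass
    would miss '%255c', which decodes to '%5c' and only then to a backslash."""
    decoded = uri
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def is_docservlet_traversal(uri: str) -> bool:
    """Same scope as the SIEM query: a DocServlet request whose decoded URI
    contains a traversal sequence."""
    if "docservlet" not in uri.lower():
        return False
    return TRAVERSAL_RE.search(normalize_uri(uri)) is not None


Hit = Tuple[str, str, int]


def scan_access_log(text: str) -> List[Hit]:
    """Return (client_ip, uri, status) for each matching request line."""
    hits: List[Hit] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; log format differs or line truncated
        if is_docservlet_traversal(m["uri"]):
            hits.append((m["ip"], m["uri"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, uri, status in scan_access_log(SAMPLE_LOG):
        outcome = "returned 200, check file" if status == 200 else "blocked/failed"
        print(f"{ip:15} {status} {outcome:24} {uri}")
```

A 200 response to a traversal request on an unpatched version is the line worth escalating; a 404 or 403 indicates the request was refused but still shows a host probing the endpoint, which is useful for blocking at the network layer as described under Temporary Workarounds.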