CVE-2024-55401 – This directory traversal vulnerability in 4C St... (How to Fix)

Q: What is the severity of CVE-2024-55401?

CVE-2024-55401 has a CVSS score of 6.5 (MEDIUM). This directory traversal vulnerability in 4C Strategies Exonaut allows attackers to access files outside the intended directory structure. Organizations using Exonaut versions before v22.4 are affected, potentially exposing sensitive configuration files or system data.

📋 TL;DR

This directory traversal vulnerability in 4C Strategies Exonaut allows attackers to access files outside the intended directory structure. Organizations using Exonaut versions before v22.4 are affected, potentially exposing sensitive configuration files or system data.

💻 Affected Systems

Products:

4C Strategies Exonaut

Versions: All versions before v22.4

Operating Systems: All platforms running Exonaut

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with default configurations are vulnerable. The vulnerability exists in the application's file handling logic.

📦 What is this software?

Exonaut by 4cstrategies

View all CVEs affecting Exonaut →

Exonaut by 4cstrategies

View all CVEs affecting Exonaut →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, configuration data, or potentially write files to execute arbitrary code, leading to complete system compromise.

🟠

Likely Case

Unauthorized access to application files, configuration data, or sensitive information stored in accessible directories.

🟢

If Mitigated

Limited to accessing non-sensitive files within the application's directory structure if proper input validation and access controls are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of the application's file structure and may require authentication depending on implementation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v22.4 or later

Vendor Advisory: http://exonaut.com

Restart Required: No

Instructions:

1. Download Exonaut v22.4 or later from the vendor. 2. Follow the vendor's upgrade documentation. 3. Verify the installation completes successfully.

🔧 Temporary Workarounds

Input Validation Filtering

all

Implement strict input validation to reject directory traversal sequences like '../' in file paths

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block directory traversal patterns
Restrict file system permissions to the minimum required for the application

🔍 How to Verify

Check if Vulnerable:

Check the Exonaut version in the application interface or configuration files. If version is below 22.4, the system is vulnerable.

Check Version:

Check the application's admin interface or configuration files for version information

Verify Fix Applied:

Confirm the application version is 22.4 or higher after patching and test file access with traversal attempts.

📡 Detection & Monitoring

Log Indicators:

Multiple failed file access attempts with '../' sequences
Unusual file access patterns outside normal directories

Network Indicators:

HTTP requests containing '../' or similar traversal patterns in URLs or parameters

SIEM Query:

source="web_server" AND (url="*../*" OR parameter="*../*")

📊 Metadata

CVE ID: CVE-2024-55401

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-22

EPSS Score: 0.08% exploit probability (23.9th percentile)

Published: August 7, 2025

Last Updated: October 1, 2025

🔗 References

http://exonaut.com Broken Link
https://gist.github.com/Jowu73/d157080aea62075a4d2c9bcf7a2e399c Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-55401, you might also want to check these: