CVE-2024-7323

6.5 MEDIUM

📋 TL;DR

Digiwin EasyFlow .NET has an access control vulnerability combined with insufficient input filtering, allowing authenticated remote attackers to download arbitrary files from the server. This affects organizations using vulnerable versions of Digiwin EasyFlow .NET workflow software. Regular users can exploit this to access sensitive system files.

💻 Affected Systems

Products:
  • Digiwin EasyFlow .NET
Versions: Specific versions not detailed in references, but all versions before patch are likely affected
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access, but regular user privileges are sufficient

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could download critical system files (passwords, configuration files, database credentials), leading to complete system compromise and data exfiltration.

🟠

Likely Case

Attackers download sensitive business documents, user data, or configuration files containing credentials, leading to data breach and potential lateral movement.

🟢

If Mitigated

With proper network segmentation and file system permissions, impact limited to accessible directories only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but appears straightforward, based on the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-7990-87183-2.html

Restart Required: Yes

Instructions:

1. Contact Digiwin for patch information
2. Apply the latest security update
3. Restart the EasyFlow service
4. Verify the fix

🔧 Temporary Workarounds

Restrict File System Access

Platform: Windows

Apply strict file system permissions so the EasyFlow service account can reach only the directories it needs. Deny the service account access to directories holding sensitive data outside the application's own install tree; denying it access to its own install directory would break the application. The directory path and account name below are placeholders to replace with your own values:

icacls "C:\Path\To\SensitiveData" /deny EASYFLOW_SERVICE_ACCOUNT:(OI)(CI)(F)

Network Segmentation

Platform: All

Isolate EasyFlow servers from sensitive systems and limit user access.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate EasyFlow servers
  • Apply principle of least privilege to file system and service accounts

🔍 How to Verify

Check if Vulnerable:

Check if you're running Digiwin EasyFlow .NET and review version against vendor advisory

Check Version:

Check application version in control panel or application interface

Verify Fix Applied:

Test if authenticated users can still access arbitrary files via the vulnerable functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from EasyFlow application
  • Multiple file download requests from single user session

Network Indicators:

  • Unexpected outbound file transfers from EasyFlow server

SIEM Query:

source="EasyFlow" AND (event="FileDownload" OR event="FileAccess") AND file_path CONTAINS ".."
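The SIEM query above flags any file path containing "..". As an added example that is not part of the original advisory, the following Python script applies the same two indicators (traversal sequences in file paths and bursts of file downloads from one session) to a few constructed log lines. The log format, field names, event names and threshold are assumptions for illustration, not Digiwin's actual log format; it decodes URL-encoded paths (including double encoding) and checks for ".." as a whole path segment, which avoids false positives on file names such as "report..txt".

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines (hypothetical format: timestamp user session event path).
SAMPLE_LOGS = [
    "2024-08-01T10:00:01 alice sess-01 FileDownload /EasyFlow/docs/report.pdf",
    "2024-08-01T10:00:05 bob sess-02 FileDownload /EasyFlow/docs/..%2f..%2fweb.config",
    "2024-08-01T10:00:06 bob sess-02 FileDownload /EasyFlow/docs/..\\..\\Windows\\win.ini",
    "2024-08-01T10:00:07 bob sess-02 FileAccess /EasyFlow/docs/%252e%252e/config.xml",
    "2024-08-01T10:00:09 carol sess-03 Login -",
    "2024-08-01T10:00:10 alice sess-01 FileDownload /EasyFlow/docs/invoice.xlsx",
]

# Assumed line layout; adjust the pattern to the real log source.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<session>\S+) (?P<event>\S+) (?P<path>\S+)$"
)
FILE_EVENTS = {"FileDownload", "FileAccess"}  # assumed event names
DOWNLOAD_THRESHOLD = 3  # file events per session before a session is flagged


def normalize_path(path: str) -> str:
    """Decode URL encoding repeatedly (catches double encoding) and unify separators."""
    prev, cur = None, path
    for _ in range(3):  # bounded so a pathological input cannot loop forever
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def has_traversal(path: str) -> bool:
    """True when '..' appears as a complete path segment after normalization."""
    return ".." in normalize_path(path).split("/")


def parse_line(line: str):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(lines, threshold: int = DOWNLOAD_THRESHOLD):
    """Return (traversal_hits, busy_sessions).

    traversal_hits: parsed records whose path contains a traversal segment.
    busy_sessions:  {(user, session): count} for sessions at or above threshold.
    """
    traversal_hits = []
    per_session = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] not in FILE_EVENTS:
            continue
        per_session[(rec["user"], rec["session"])] += 1
        if has_traversal(rec["path"]):
            traversal_hits.append(rec)
    busy_sessions = {k: n for k, n in per_session.items() if n >= threshold}
    return traversal_hits, busy_sessions


if __name__ == "__main__":
    hits, busy = analyze(SAMPLE_LOGS)
    for rec in hits:
        print(f"TRAVERSAL {rec['ts']} user={rec['user']} session={rec['session']} path={rec['path']}")
    for (user, session), n in busy.items():
        print(f"BURST user={user} session={session} file_events={n}")
```

Tune the threshold and event names to your environment; legitimate bulk downloads will raise the burst indicator, so treat it as a lead to correlate with the traversal indicator rather than an alert on its own.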
