cve-2024-5275
Vulnerability from cvelistv5
Published
2024-06-18 14:11
Modified
2024-08-01 21:11
Severity ?
EPSS score ?
Summary
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortra | FileCatalyst Direct |
Version: 3.7 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:filecatalyst_direct:3.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "filecatalyst_direct",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.8.10",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortra:filecatalyst_workflow:4.9.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "filecatalyst_workflow",
"vendor": "fortra",
"versions": [
{
"lessThan": "5.1.6",
"status": "affected",
"version": "4.9.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T18:37:44.102902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:16:50.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-007"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"TransferAgent"
],
"product": "FileCatalyst Direct",
"vendor": "Fortra",
"versions": [
{
"lessThanOrEqual": "3.8.10.138",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FileCatalyst Workflow",
"vendor": "Fortra",
"versions": [
{
"lessThanOrEqual": "5.1.6.130",
"status": "affected",
"version": "4.9.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Greg at Palmer Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of\u0026nbsp;FileCatalyst Workflow from 5.1.6 Build 130 and earlier."
}
],
"value": "A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of\u00a0FileCatalyst Workflow from 5.1.6 Build 130 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T14:11:37.005Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-007"
},
{
"url": "https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For FileCatalyst Direct users,\u0026nbsp;upgrade to 3.8.10 build 144 (or higher) \u003cbr\u003eFor FileCatalyst Workflow users, upgrade to 5.1.6 build 133 (or later)\u003cbr\u003eFor those using the FileCatalyst TransferAgent remotely, e.g., as a remote-controlled node accepting REST calls, update REST calls to \"http\". If \"https\" is still required, a new SSL key and add it to the agent keystore."
}
],
"value": "For FileCatalyst Direct users,\u00a0upgrade to 3.8.10 build 144 (or higher) \nFor FileCatalyst Workflow users, upgrade to 5.1.6 build 133 (or later)\nFor those using the FileCatalyst TransferAgent remotely, e.g., as a remote-controlled node accepting REST calls, update REST calls to \"http\". If \"https\" is still required, a new SSL key and add it to the agent keystore."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-5275",
"datePublished": "2024-06-18T14:11:37.005Z",
"dateReserved": "2024-05-23T16:28:44.181Z",
"dateUpdated": "2024-08-01T21:11:12.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5275\",\"sourceIdentifier\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\",\"published\":\"2024-06-18T15:15:52.493\",\"lastModified\":\"2024-11-21T09:47:19.983\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of\u00a0FileCatalyst Workflow from 5.1.6 Build 130 and earlier.\"},{\"lang\":\"es\",\"value\":\"Se puede encontrar una contrase\u00f1a codificada en FileCatalyst TransferAgent que se puede usar para desbloquear el almac\u00e9n de claves desde el cual se pueden leer los contenidos, por ejemplo, la clave privada para los certificados. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda dar lugar a un ataque de m\u00e1quina intermedia (MiTM) contra los usuarios del agente. Este problema afecta a todas las versiones de FileCatalyst Direct desde 3.8.10 Build 138 y anteriores y a todas las versiones de FileCatalyst Workflow desde 5.1.6 Build 130 y anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-259\"}]}],\"references\":[{\"url\":\"https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm\",\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\"},{\"url\":\"https://www.fortra.com/security/advisory/fi-2024-007\",\"source\":\"df4dee71-de3a-4139-9588-11b62fe6c0ff\"},{\"url\":\"https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.fortra.com/security/advisory/fi-2024-007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.fortra.com/security/advisory/fi-2024-007\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:11:12.408Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5275\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-15T18:37:44.102902Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortra:filecatalyst_direct:3.7:*:*:*:*:*:*:*\"], \"vendor\": \"fortra\", \"product\": \"filecatalyst_direct\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.7\", \"lessThan\": \"3.8.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortra:filecatalyst_workflow:4.9.8:*:*:*:*:*:*:*\"], \"vendor\": \"fortra\", \"product\": \"filecatalyst_workflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.8\", \"lessThan\": \"5.1.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-15T18:54:47.118Z\"}}], \"cna\": {\"title\": \"Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Greg at Palmer Research\"}], \"impacts\": [{\"capecId\": \"CAPEC-191\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-191 Read Sensitive Constants Within an Executable\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Fortra\", \"modules\": [\"TransferAgent\"], \"product\": \"FileCatalyst Direct\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.7\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.10.138\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Fortra\", \"product\": \"FileCatalyst Workflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.9.8\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.1.6.130\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"For FileCatalyst Direct users,\\u00a0upgrade to 3.8.10 build 144 (or higher) \\nFor FileCatalyst Workflow users, upgrade to 5.1.6 build 133 (or later)\\nFor those using the FileCatalyst TransferAgent remotely, e.g., as a remote-controlled node accepting REST calls, update REST calls to \\\"http\\\". If \\\"https\\\" is still required, a new SSL key and add it to the agent keystore.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"For FileCatalyst Direct users,\u0026nbsp;upgrade to 3.8.10 build 144 (or higher) \u003cbr\u003eFor FileCatalyst Workflow users, upgrade to 5.1.6 build 133 (or later)\u003cbr\u003eFor those using the FileCatalyst TransferAgent remotely, e.g., as a remote-controlled node accepting REST calls, update REST calls to \\\"http\\\". If \\\"https\\\" is still required, a new SSL key and add it to the agent keystore.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.fortra.com/security/advisory/fi-2024-007\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of\\u00a0FileCatalyst Workflow from 5.1.6 Build 130 and earlier.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of\u0026nbsp;FileCatalyst Workflow from 5.1.6 Build 130 and earlier.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-259\", \"description\": \"CWE-259 Use of Hard-coded Password\"}]}], \"providerMetadata\": {\"orgId\": \"df4dee71-de3a-4139-9588-11b62fe6c0ff\", \"shortName\": \"Fortra\", \"dateUpdated\": \"2024-06-18T14:11:37.005Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5275\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:11:12.408Z\", \"dateReserved\": \"2024-05-23T16:28:44.181Z\", \"assignerOrgId\": \"df4dee71-de3a-4139-9588-11b62fe6c0ff\", \"datePublished\": \"2024-06-18T14:11:37.005Z\", \"assignerShortName\": \"Fortra\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.