CVE-2024-40645 HIGH

CVE-2024-40645: FOG Authenticated File Upload RCE

Vendor Fogproject
Product fogproject
Weakness CWE-434 · Unrestricted file upload
Published July 31, 2024
Last update July 31, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.

Key dates

02Disclosure timeline

July 31, 2024 CVE published
July 31, 2024 Record updated