Description

FNT Command before 13.4.1 allows an authenticated attacker to upload files to arbitrary locations on the server due to insufficient validation of user‑supplied file paths, enabling directory traversal during file upload handling. Depending on the deployment and configuration, successful exploitation may lead to full system compromise, for example by uploading executable files or overwriting security‑relevant resources.

Details

• Product: FNT Command
• Affected Versions: <= 13.4.0
• Vulnerability Type: CWE-434: Unrestricted Upload of File with Dangerous Type
• Risk Level: High - CVSS 3.1: 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
• Authentication: Required
• Vendor URL: https://www.fntsoftware.com/
• Vendor acknowledged vulnerability: Yes
• Vendor Status: Fixed
• CVE: CVE-2024-44599

Impact

The application does not sufficiently validate or sanitize manipulated file names and paths when processing uploads. As a result, an authenticated user can perform directory traversal and place arbitrary files outside the intended upload directory. This could allow an attacker to access arbitrary files on the server by manipulating configuration files and may ultimately enable remote code execution.

References

• National Vulnerability Database CVE-2024-44599

Timeline

• 2024-09: Vulnerability reported to the vendor.
• 2024-10: Vendor published a fix for the issue.
• 2025-04: Information about the vulnerability is published.

Credits

• Bastian Recktenwald (Bastian.Recktenwald@ZeroBreach.de)