Divd-2024-00031 case

_cases/2024/DIVD-2024-00031.md

@@ -0,0 +1,51 @@
+---
+layout: case
+title: "Unauthenticated Local File Inclusion vulnerability in ComfortKey"
+author: Victor Pasman
+lead: Alwin Warringa
+excerpt: "An Unautheticated Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system."
+researchers:
+- Alwin Warringa
+cves:
+- CVE-2024-27120
+product:
+- ComfortKey
+versions:
+- < 24.1.2. 
+recommendation: "Check for the patched versions and get those installed"
+workaround: "N/A"
+patch_status: Released
+status : Open
+start: 2024-08-05
+end:
+timeline:
+- start: 2024-07-02
+  end:
+  event: "DIVD contacted the vendor to disclose the vulnerability."
+- start: 2024-07-04
+  end:
+  event: "Supplier created/delivered beta version for retesting."
+- start: 2024-07-05
+  end:
+  event: "Patch was verified, vulnerability was resolved."
+- start: 2024-08-05
+  end:
+  event: "First version of this casefile."
+# ips: 0
+
+---
+
+## Summary
+An Unauthenticated Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system.
+
+## Recommendations
+Comfort Key released patched version 24.1.2. Please update to this version number or higher if possible.
+
+
+## What we are doing
+DIVD is currently working to identify parties that are running a vulnerable version of Geoserver and to notify these parties. We do this by verifying the presence of the vulnerability in a harmless manner and collect the software version number if possible.
+
+{% include timeline.html %}
+
+## More information
+* {% cve CVE-2024-27120 %}

_data/cves/2024/CVE-2024-27120.json

@@ -0,0 +1,135 @@
+{
+  "dataType": "CVE_RECORD",
+  "dataVersion": "5.1",
+  "cveMetadata": {
+    "cveId": "CVE-2024-27120",
+    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
+    "requesterUserId": "00000000-0000-4000-9000-000000000000",
+    "serial": 1,
+    "state": "PUBLISHED"
+  },
+  "containers": {
+    "cna": {
+      "providerMetadata": {
+        "orgId": "00000000-0000-4000-9000-000000000000"
+      },
+      "title": "Local File Inclusion in ComfortKey before version 24.1.2",
+      "problemTypes": [
+        {
+          "descriptions": [
+            {
+              "lang": "en",
+              "cweId": "CWE-200",
+              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+              "type": "CWE"
+            }
+          ]
+        }
+      ],
+      "impacts": [
+        {
+          "capecId": "CAPEC-126",
+          "descriptions": [
+            {
+              "lang": "en",
+              "value": "CAPEC-126 Path Traversal"
+            }
+          ]
+        }
+      ],
+      "affected": [
+        {
+          "vendor": "Celsius Benelux",
+          "product": "ComfortKey",
+          "versions": [
+            {
+              "status": "affected",
+              "version": "*",
+              "lessThan": "24.1.2"
+            }
+          ],
+          "defaultStatus": "unaffected"
+        }
+      ],
+      "descriptions": [
+        {
+          "lang": "en",
+          "value": "A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.",
+          "supportingMedia": [
+            {
+              "type": "text/html",
+              "base64": false,
+              "value": "A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "url": "https://csirt.divd.nl/CVE-2024-27120",
+          "tags": [
+            "third-party-advisory"
+          ]
+        },
+        {
+          "url": "https://csirt.divd.nl/DIVD-2024-00031/",
+          "tags": [
+            "third-party-advisory"
+          ]
+        }
+      ],
+      "metrics": [
+        {
+          "format": "CVSS",
+          "scenarios": [
+            {
+              "lang": "en",
+              "value": "GENERAL"
+            }
+          ],
+          "cvssV4_0": {
+            "version": "4.0",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "attackRequirements": "NONE",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "vulnConfidentialityImpact": "LOW",
+            "subConfidentialityImpact": "HIGH",
+            "vulnIntegrityImpact": "NONE",
+            "subIntegrityImpact": "NONE",
+            "vulnAvailabilityImpact": "NONE",
+            "subAvailabilityImpact": "NONE",
+            "Safety": "PRESENT",
+            "Automatable": "YES",
+            "Recovery": "USER",
+            "valueDensity": "CONCENTRATED",
+            "vulnerabilityResponseEffort": "MODERATE",
+            "providerUrgency": "RED",
+            "baseSeverity": "HIGH",
+            "baseScore": 7.7,
+            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Red"
+          }
+        }
+      ],
+      "credits": [
+        {
+          "lang": "en",
+          "value": "Alwin Warringa",
+          "type": "finder"
+        },
+        {
+          "lang": "en",
+          "value": "Max van der Horst",
+          "type": "analyst"
+        }
+      ],
+      "source": {
+        "discovery": "EXTERNAL"
+      },
+      "x_generator": {
+        "engine": "Vulnogram 0.2.0"
+      }
+    }
+  }
+}