Arbitrary file upload in Advantive Veracore
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
Vulnerability class: Unrestricted File Upload
EPSS: 0.411 (97.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Advantive Veracore — versions 0
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2024-57968?
- CVE-2024-57968 is a critical-severity vulnerability in Advantive Veracore, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.9/10. Published 2025-02-03.
- How severe is CVE-2024-57968?
- Critical severity. CVSS v3 base score is 9.9 out of 10.
- Is CVE-2024-57968 known to be exploited?
- Yes. CVE-2024-57968 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-03-10), indicating it is being actively exploited. 3 public proof-of-concept repositories are indexed.