CVE-2024-12700 – Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type

https://notcve.org/view.php?id=CVE-2024-12700

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of an administrator. • https://aggregate.digital/downloads.html https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05 • CWE-434: Unrestricted Upload of File with Dangerous Type •