CVE-2024-45256

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 26, 2024
CWE ID 22

Summary

CVE-2024-45256 is a critical arbitrary file write vulnerability in BYOB (Build Your Own Botnet) 2.0. The flaw is in the exfiltration endpoint, specifically in the file_add function located in api/files/routes.py. It enables unauthorized users to overwrite SQLite databases and bypass authentication through crafted HTTP requests, without needing any privileges or user interaction. The affected product is the BYOB software, and the potential impact on confidentiality, integrity, and availability is rated as high. To remediate this vulnerability, organizations are advised to update their BYOB installations and implement proper access controls to restrict unauthorized HTTP requests. The exploitability score of 3.9 indicates that the attack complexity is low, further emphasizing the need for immediate action to protect sensitive data from potential compromise.
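The weakness class here (CWE-22 in an upload handler that writes client-named files) is usually closed by confining the write to one directory and refusing to replace existing files. The sketch below is an added example, not BYOB's code or its fix; the function names, the uploads directory and the app.db stand-in are assumptions constructed for illustration.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """The client-supplied name resolves outside the upload directory."""

def resolve_upload_path(upload_root: str, client_name: str) -> str:
    """Return a path strictly inside upload_root, or raise UnsafePathError."""
    if not client_name or "\x00" in client_name:
        raise UnsafePathError("empty name or NUL byte")
    root = os.path.realpath(upload_root)
    # realpath collapses ".." and follows symlinks, so the containment
    # check is made on the location that would actually be written.
    candidate = os.path.realpath(os.path.join(root, client_name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError(f"{client_name!r} escapes the upload directory")
    return candidate

def store_upload(upload_root: str, client_name: str, data: bytes) -> str:
    """Write data under upload_root without replacing an existing file."""
    path = resolve_upload_path(upload_root, client_name)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    # O_EXCL makes creation fail if the file exists (no silent overwrite).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo():
    """Run constructed file names against a throwaway directory layout."""
    outcomes = []
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.mkdir(root)
        db = os.path.join(tmp, "app.db")  # constructed stand-in database
        with open(db, "wb") as fh:
            fh.write(b"original")
        for name in ("report.txt", "../app.db", db, "report.txt"):
            try:
                store_upload(root, name, b"uploaded")
                outcomes.append("stored")
            except (UnsafePathError, FileExistsError) as exc:
                outcomes.append(type(exc).__name__)
        with open(db, "rb") as fh:
            return outcomes, fh.read() == b"original"

if __name__ == "__main__":
    print(demo())
```

The containment check alone does not replace authentication on the endpoint; it limits what a request that reaches the handler can write.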
