CVE-2024-52792
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-52792: The LDAP Account Manager (LAM) software, used for managing LDAP directory entries, has a vulnerability where it fails to sanitize configuration values in `mainmanage.php` and `confmain.php`. This issue enables an attacker to set arbitrary config values, effectively bypassing the mitigation for CVE-2024-23333. The configuration values for the main config or server profiles are set via these files and written to `config.cfg` or `serverprofile.conf`. An attacker can insert newlines in certain config fields followed by the value to smuggle arbitrary config values into the files. This vulnerability has been resolved in version 9.0, and all users are advised to upgrade as there are no known workarounds.
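To make the mitigation concrete, here is an added example (not LAM's own code) of a config writer that accepts values verbatim beside one that rejects line breaks, plus a check a defender can run over a file already on disk; the `key: value` line format, the key names and the sample values are assumptions made for this illustration.

```python
import re

# Added example, not LAM's own code. It assumes (constructed for this
# illustration) that config.cfg / serverprofile.conf are written as one
# "key: value" pair per line, the format under which a line break inside
# a value lets a second pair ride along into the file.

CONFIG_LINE = re.compile(r"^([A-Za-z0-9_]+):\s*(.*)$")


def is_clean_value(value: str) -> bool:
    """A value is clean only if it contains neither CR nor LF."""
    return "\r" not in value and "\n" not in value


def write_config_unsafe(settings: dict) -> str:
    """Pre-fix behaviour: every value is written verbatim."""
    return "".join(f"{key}: {value}\n" for key, value in settings.items())


def write_config_safe(settings: dict) -> str:
    """Hardened behaviour: refuse any value that would start a new line."""
    for key, value in settings.items():
        if not is_clean_value(value):
            raise ValueError(f"line break in value for {key!r}")
    return write_config_unsafe(settings)


def parse_config(text: str) -> dict:
    """Read the file back; a later duplicate key overrides an earlier one."""
    parsed = {}
    for line in text.splitlines():
        match = CONFIG_LINE.match(line)
        if match:
            parsed[match.group(1)] = match.group(2)
    return parsed


def audit_config(text: str, expected_keys: set) -> list:
    """Detection: list keys present on disk that the edit form never writes."""
    return sorted(key for key in parse_config(text) if key not in expected_keys)


if __name__ == "__main__":
    # Constructed input: the second pair only exists because the value carries "\n".
    tainted = {"Language": "en_GB\nInjectedKey: attacker_controlled"}
    print(audit_config(write_config_unsafe(tainted), {"Language"}))  # ['InjectedKey']
```

Running `audit_config` against the set of keys the form legitimately writes is a cheap way to spot a file that was modified through this bug before the 9.0 upgrade.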
Affected Products
- Lam