CVE-2024-11947
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
In short
A flaw in GFI Archiver's Core Service allows an authenticated attacker to send specially crafted data that gets deserialized without proper validation, leading to arbitrary code execution with system-level privileges.
Technical detail
The Core Service (TCP port 8017) deserializes untrusted user-supplied data without validation, enabling remote code execution in SYSTEM context. Authentication is required; exploitation involves sending malicious serialized objects to trigger arbitrary code execution.
Summary generated and translated by AI from the official description.
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24029.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
GFI · ArchiverWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →