- Description
- iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- zdi-disclosures@trendmicro.com
- CWE-22
- Hype score
- Not currently trending
"Oi, #InfoSec pros! New year, new CVE-2024-11944 exploit in #TrueNAS nixes the need for charm (who needs a password, eh?). Keep it cheeky but keep your data safer; patch up with version 13.0-U6.3 pronto! @Security_Guru, mild panic or swift action? #CyberSecurity #PatchNow" https:
@LimitedViewX
12 Feb 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TrueNAS CORE vulnerability CVE-2024-11944 fixed: possible unauthenticated RCE https://t.co/vxxDtqWs8H TrueNAS, formerly called FreeNAS, is OSS that easily turns a PC into a NAS… https://t.co/oPior2GpQG
@iototsecnews
13 Jan 2025
205 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11944: TrueNAS CORE has Severe Directory Traversal Flaw https://t.co/kytvzJQk59
@WhalersLtd
4 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11944: TrueNAS CORE has Severe Directory Traversal Flaw #CVE-2024-11944 #TrueNAS #DirectoryTraversal #RCE https://t.co/pWMwETyq4f
@pravin_karthik
4 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2024-11944) in TrueNAS CORE allows unauthenticated attacks, risking data exfiltration and device compromise. Immediate updates are essential. #TrueNAS #DataBreach #USA #CybersecurityNews link: https://t.co/wqQy7UCGBt https://t.co/WGtmetF9Ed
@TweetThreatNews
3 Jan 2025
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-49112 2 - CVE-2010-5139 3 - CVE-2024-49019 4 - CVE-2024-11944 5 - CVE-2024-8534 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Jan 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new RCE-type vulnerability with the identifier CVE-2024-11944 has been published for the TrueNAS CORE product. The score of this vulnerability is 7.5, and hackers on the adjacent network and the neighboring network can execute code on the vulnerable system without authentication and with root access. https://t.co/Poz3aKYxT1 https://t.co/i
@AmirHossein_sec
1 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability discovered for the TrueNAS CORE product. A new RCE-type vulnerability with the identifier CVE-2024-11944 has been published for the TrueNAS CORE product. The score of this vulnerability is 7.5, and hackers on the adjacent network and the neighboring network can execute code on the vulnerable system without authentication and with root access.
@cybernetic_cy
1 Jan 2025
294 Impressions
6 Retweets
18 Likes
0 Bookmarks
9 Replies
0 Quotes
CVE-2024-11944: TrueNAS CORE Vulnerability Opens the Door to Unauthorized Attacks https://t.co/8jHQOYy6Se
@cyberwebeyeos
31 Dec 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes