The Cybersecurity and Infrastructure Security Agency (CISA) and 17 international partners are encouraging a “Secure by Design” approach to digital product development. Secure by Design is a broad yet unregulated push for developers to release software in a securely configured state by default, rather than prioritizing usability in a way that requires users to enable security features after installation. Although development teams might appreciate the ease of quickly deploying software, this often puts security on the back burner.
Secure by Design also encourages developers to use a "Shift Left" approach, implementing application security testing throughout the software development life cycle (SDLC) to identify common software weaknesses before they are pushed to market. By contrast, the EU has enacted the Cyber Resilience Act (CRA). The CRA is a formal legal requirement aimed at ensuring the responsible design of digital products. This legislation mandates that vendors adhere to strict design standards to enhance the security and resilience of their products. The CRA also imposes formal penalties on vendors who fail to comply with these regulations.
In this article, we will examine a recent Secure by Design alert from CISA: directory traversal vulnerabilities. We will review how this vulnerability manifests in software and how attackers can exploit it.
Directory traversal, also known as path traversal, is a security vulnerability resulting from insecure coding. This vulnerability occurs when an attacker manipulates file path inputs to access files outside the application's intended scope. Directory traversal vulnerabilities can appear in desktop, mobile, and web applications.
These vulnerabilities arise from poorly sanitized user inputs and allow attackers to access sensitive files, such as configuration files, password files, and system data, without authorization. By reading this sensitive data, attackers can further exploit systems through stolen credentials, privilege escalation, or lateral movement within a network to compromise adjacent systems.
In some instances, directory traversal vulnerabilities may enable attackers to write to existing files, alter their contents to enable insecure configuration settings, create malicious accounts, encrypt files for ransom, or destroy valuable files. Additionally, directory traversal vulnerabilities may allow attackers to save uploaded files to unintended locations. If user input specifies a file to execute, directory traversal vulnerabilities can even enable arbitrary code execution.
Applications can be vulnerable to directory traversal in scenarios where user input is used to access local files. In a typical attack, a malicious actor submits input containing a specially crafted file path, often involving sequences like ../ or ../../. If the targeted application does not properly sanitize the input, these sequences can cause the application to access restricted areas of the file system.
For example, if a web application accepts a user-provided file name to display, an attacker could modify the file name to something like ../../etc/shadow on a Unix system, tricking the server into revealing sensitive information from the system’s shadow password file.
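The file-name scenario just described, as an added Python example that is not from the article: a naive resolver that joins user input onto the served directory sits beside a hardened one that canonicalizes the path and then checks that it still lies inside the base directory. BASE_DIR, the sample file and the function names are constructed for this illustration.

```python
"""Constructed example: a file-serving helper before and after hardening.
BASE_DIR and the sample file are created here so the code runs offline."""
import os
import tempfile
from pathlib import Path

# Constructed sandbox standing in for the directory the app may serve from.
BASE_DIR = Path(tempfile.mkdtemp(prefix="public_")).resolve()
(BASE_DIR / "report.txt").write_text("quarterly report\n")


def naive_resolve(user_name: str) -> Path:
    """Vulnerable: the user-supplied name is joined straight onto BASE_DIR.
    '../' segments climb out of it, and an absolute name replaces it outright
    (os.path.join discards BASE_DIR when the second argument is absolute)."""
    return Path(os.path.join(BASE_DIR, user_name))


def safe_resolve(user_name: str) -> Path:
    """Hardened: canonicalize first, then require the result to sit inside
    BASE_DIR. A string prefix test is not enough ('/srv/public' is a prefix
    of '/srv/public2'), so the check walks the resolved path's parents.
    Any percent-decoding must already have happened before this point."""
    candidate = (BASE_DIR / user_name).resolve()  # collapses '..' and symlinks
    if BASE_DIR not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {user_name!r}")
    return candidate


def escapes_base(path: Path) -> bool:
    """Report whether a path (after resolution) points outside BASE_DIR."""
    return BASE_DIR not in path.resolve().parents


def is_allowed(user_name: str) -> bool:
    """True if the hardened resolver would serve this name."""
    try:
        safe_resolve(user_name)
        return True
    except PermissionError:
        return False


def read_file(user_name: str) -> str:
    """What a request handler would call: read the named file, or refuse."""
    return safe_resolve(user_name).read_text()


if __name__ == "__main__":
    for name in ("report.txt", "../../etc/shadow", "/etc/passwd"):
        print(f"{name!r}: naive -> {naive_resolve(name)}, allowed={is_allowed(name)}")
```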
A search of CISA's catalog of Known Exploited Vulnerabilities (KEV) shows that attackers have exploited directory traversal vulnerabilities even recently. This likely prompted CISA's guidance to eliminate directory traversal vulnerabilities. Below are some of the vulnerabilities that attackers have leveraged recently, many of which have publicly available proof of concept (PoC) exploit code. Users of these applications should update their software to prevent falling victim to cyber attacks.
CVE-2024-8963 in Ivanti Cloud Services Appliance (CSA)
CVE-2024-7262 in Kingsoft WPS Office
CVE-2021-20123 in Draytek VigorConnect
CVE-2024-23897 in Jenkins Command Line Interface (CLI)
CVE-2024-32113 in Apache OFBiz
CVE-2024-28995 in SolarWinds Serv-U
Directory traversal vulnerabilities remain a significant threat to security, as highlighted by CISA’s recent alert emphasizing their impact. These vulnerabilities often stem from improper path validation or input sanitization, allowing attackers to access files outside the intended directories and potentially compromise the entire system.
While Secure by Design is a valuable principle, applying it in real-world software remains a challenge. Understanding the different forms of path traversal and their impacts is essential for development teams aiming to deliver secure software products. Staying informed and vigilant is crucial to defending against these types of exploits.
© 2024 Packetlabs. All rights reserved.