Alvaria Unified IP Unified Director Unauthenticated File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability allowing insecure file uploads has been identified in Alvaria Unified IP Unified Director versions prior to 7.4 SP2. This issue allows remote attackers to upload arbitrary files, including malicious JSP files, to the server without authentication. The vulnerability is present in the ProcessUploadFromURL.jsp component, where the source and filename parameters can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads and remote code execution on the affected server.

Reproduction

To reproduce this vulnerability, send a request to the ProcessUploadFromURL.jsp endpoint with a specified remote file in the source parameter and a filename for the uploaded file. The uploaded file can then be accessed through the Unified Director file path, allowing for remote code execution.
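For defenders, the request pattern described above can be hunted in web server access logs. The following is an added example, not part of the advisory or the vendor's code; it assumes Common Log Format, and the "/PLACEHOLDER/" path prefix, the sample lines, the extension list and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Common Log Format). The "/PLACEHOLDER/" prefix,
# client addresses and hosts are illustrative and do not come from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /PLACEHOLDER/ProcessUploadFromURL.jsp?source=http%3A%2F%2Fexample.com%2Fa.txt&filename=notes.JSP HTTP/1.1" 200 512
10.0.0.5 - - [09/Jun/2025:19:41:12 +0000] "GET /PLACEHOLDER/ProcessUploadFromURL.jsp?source=http%3A%2F%2Fexample.com%2Flogo.png&filename=logo.png HTTP/1.1" 200 498
10.0.0.5 - - [09/Jun/2025:19:42:30 +0000] "GET /PLACEHOLDER/index.jsp HTTP/1.1" 200 2048
198.51.100.7 - - [09/Jun/2025:19:43:02 +0000] "GET /PLACEHOLDER/processuploadfromurl.jsp?filename=view.jspx&source=http%3A%2F%2Fexample.com%2Fb HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
ENDPOINT = "processuploadfromurl.jsp"   # component named in the advisory
SCRIPT_EXTS = (".jsp", ".jspx")         # assumption: extensions mapped to the JSP servlet


def classify(line):
    """Return a finding dict for requests to the upload endpoint, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, when, method, target, status = m.groups()
    url = urlsplit(target)
    # Compare only the last path segment, case-insensitively.
    if url.path.lower().rsplit("/", 1)[-1] != ENDPOINT:
        return None
    # parse_qs percent-decodes values. Parameters sent in a request body are
    # not visible in an access log, so a hit without them still needs review.
    params = parse_qs(url.query, keep_blank_values=True)
    source = params.get("source", [""])[0]
    filename = params.get("filename", [""])[0]
    executable = filename.strip().lower().endswith(SCRIPT_EXTS)
    return {
        "client": client, "time": when, "method": method, "status": int(status),
        "source": source, "filename": filename,
        "severity": "high" if executable else "review",
    }


def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the endpoint is reachable without authentication, every hit is reported; a filename with a JSP extension raises the severity, and the host in the source parameter is worth correlating with outbound connection logs from the server.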

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.