This is a summary of the AI-generated 10-question deep analysis of CVE-2024-55457 (directory traversal in MasterSAM Star Gate v11). Answers ending in "…" are truncated in this summary.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Directory traversal (CVE-2024-55457) in MasterSAM Star Gate v11.
**Consequences**: An unauthenticated attacker can read **arbitrary files** from the server's filesystem through the `file` parameter of the `/adama/adama/downloadService` endpoint. …
**Root Cause**: The `file` parameter is used to open a file without **path validation**: the supplied value is never canonicalised and checked against the directory the download service is meant to serve from, so `../` sequences walk out of it.
**CWE**: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The application fails to sanitize user input before accessing files.
Q3. Who is affected? (Versions/Components)
**Affected**: MasterSAM Star Gate **version 11** (the only version this page lists; confirm other versions with the vendor).
**Vendor**: MasterSAM.
**Component**: the `downloadService` API used to retrieve troubleshooting logs.
Q4. What can hackers do? (Privileges/Data)
**Hackers can**: read **any file** on the server filesystem that the application's OS account can access (the flaw is read-only; it does not by itself allow writing files).
**Data risk**: log files, configuration files and any credentials stored on disk.
**Privilege**: no authentication is required to reach this endpoint.
Q5. Is the exploitation threshold high? (Auth/Config)
**Threshold**: **low**.
**Auth**: **none required** (unauthenticated).
**Config**: a single crafted GET request with a traversal sequence in the `file` parameter; anyone who can reach the endpoint can trigger it.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit?**: **yes**.
**PoC**: available on GitHub (`h13nh04ng/CVE-2024-55457-PoC`).
**Scanner**: a Nuclei template exists in `projectdiscovery/nuclei-templates`. With a public PoC and no authentication barrier, in-the-wild exploitation is realistic.
Q7. How to self-check? (Features/Scanning)
**Self-check**: send a GET request to `/adama/adama/downloadService?file=../../etc/passwd` (or an equivalent for the server's OS, e.g. `../../Windows/win.ini`). A response containing the file's contents confirms the flaw; a 200 with an HTML error page does not. The number of `../` segments depends on where the service's download directory sits, so try several depths. Only test systems you are authorised to assess.
**Scan**: run Nuclei with the CVE-2024-55457 template. …
**No patch?**: **block** `/adama/adama/downloadService` at the WAF, reverse proxy or firewall, or restrict it to trusted administrative source addresses.
**Restrict**: put the API behind authentication if the product allows it, and review web-server access logs for requests to this endpoint whose `file` parameter contains `../` in plain or URL-encoded form (`%2e%2e%2f`, `%2e%2e/`), which indicates probing or exploitation. …
**Urgency**: **high**.
**Reason**: unauthenticated, public PoC, and exposure of credentials and configuration.
**Action**: patch or mitigate **immediately**; do not wait.