从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞名称和编号: - Unauthenticated Path Traversal Vulnerability (CVE-2024-6049) 2. 漏洞描述: - Unauthenticated Path Traversal Vulnerability (CVE-2024-6049): The web interface of vsm LTC Time Sync (vTimeSync) is vulnerable to a path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker can download arbitrary files from the vulnerable system. As a limitation, the exploitation is only possible if the requested file has a file extension, e.g., .exe or .txt. 3. 漏洞影响: - The web server is running with highest SYSTEM privileges per default, which enables an attacker to gain access to privileged files. 4. 漏洞利用: - Proof of concept: To exploit the vulnerability, it is sufficient to use the following curl command to send a request to the vulnerable web server: - For example, the following command can be used to request the default file win.ini: - If the application is running with SYSTEM privileges (default), the following command can be used to exfiltrate the Powershell history of the Windows administrator, which might leak sensitive information: 5. 受影响版本: - The following version has been tested, which was the latest version available at the time of the test: - 4.4.12.0 - According to the vendor, versions before 4.5 are affected, and v4.5.6.0 includes the fixes. 6. 解决方案: - The vendor provides a patch in versions after v4.5, which can be downloaded from the following URL, such as version 4.5.6.0: 7. 工作绕过: - None 8. 顾问URL: - sec-consult.com/vulnerability-lab/ 9. 发布信息: - EOF Sandro Einfeldt, Dennis Jung, Johannes Greil / @2024 这些信息提供了关于漏洞的详细描述、利用方法、受影响版本、解决方案等关键细节。