CVE-2024-6127
BC Security Empire Path Traversal RCE
Vexday Risk Score
68 · High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8 · EPSS 10.3% · KEV: no · PoC: public · Nuclei: — · Metasploit: yes · Patch: referenced
Lifecycle
15 Oct 2016: Metasploit module available
27 Jun 2024: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
BC Security · Empire
Public PoCs found: 1
cve_reference · github.com/ACE-Responder/Empire-C2-RCE-PoC · unverified
⚠ Public resources for assessing the exposure of systems you control or are authorized to test. Test only with authorization.