CVE-2024-11944: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in iXsystems TrueNAS CORE
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626.
AI Analysis
Technical Summary
CVE-2024-11944 is a path traversal vulnerability classified under CWE-22 found in the tarfile.extractall method of iXsystems TrueNAS CORE version 13.3-RELEASE. The vulnerability arises because the method does not properly validate user-supplied file paths before extracting tar archives, allowing an attacker to write files outside the intended directory structure. This improper limitation of the pathname enables directory traversal, which can be leveraged to overwrite critical system files or place malicious executables. Exploitation requires network adjacency but no authentication or user interaction, making it accessible to attackers within the same network segment. The flaw can be combined with other vulnerabilities to escalate privileges and execute arbitrary code with root privileges, severely compromising the system. TrueNAS CORE is widely used in enterprise and data center environments for network-attached storage, making this vulnerability particularly impactful. No public exploits have been reported yet; the vulnerability was assigned a CVSS v3.0 score of 7.5, indicating high severity due to its potential impact on confidentiality, integrity, and availability. The vulnerability was publicly disclosed on December 30, 2024, and is tracked as ZDI-CAN-25626 in addition to the CVE identifier. No official patches were listed at the time of disclosure, emphasizing the need for immediate mitigation measures.
Potential Impact
The impact of CVE-2024-11944 is substantial for organizations relying on TrueNAS CORE 13.3-RELEASE for critical storage infrastructure. Successful exploitation allows attackers to execute arbitrary code remotely without authentication, potentially leading to full system compromise with root privileges. This jeopardizes the confidentiality of sensitive data stored on the NAS, the integrity of system and user files, and the availability of storage services. Attackers could deploy ransomware, steal or alter data, disrupt backup and storage operations, or use compromised devices as footholds for lateral movement within corporate networks. Given TrueNAS CORE's deployment in enterprises, government agencies, and data centers, the vulnerability poses a significant risk to business continuity and data security worldwide. The lack of known exploits currently provides a window for proactive defense, but the ease of exploitation and high impact necessitate urgent attention.
Mitigation Recommendations
Organizations should immediately restrict network access to TrueNAS CORE management interfaces and storage services to trusted hosts only, ideally isolating them within secure VLANs or VPNs. Monitor network traffic for unusual tar archive extraction requests or unexpected file writes outside designated directories. Employ intrusion detection/prevention systems with custom rules targeting path traversal patterns. Until an official patch is released, consider disabling or restricting tarfile.extractall functionality if feasible, or applying manual input validation wrappers around extraction processes. Regularly audit system logs and file integrity to detect early signs of exploitation. Engage with iXsystems support for updates and apply patches promptly once available. Additionally, implement robust backup and recovery procedures to mitigate data loss risks from potential exploitation.
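One way to implement the "manual input validation wrapper around extraction" recommended above, as an added example that is not TrueNAS or iXsystems code: every member of a Python tarfile archive is checked before extractall is called, and the archive is rejected if any member name, symlink target or hardlink target would resolve outside the destination directory. The archive contents, the destination path and the function names are constructed for the illustration; on Python 3.12+ (and the security backports) the stdlib's own `filter="data"` is applied as a second layer.

```python
import io
import os
import tarfile

def is_within(base: str, target: str) -> bool:
    """True if `target` resolves to a path at or below `base` ('..' and symlinked prefixes collapsed)."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(archive: bytes, dest: str) -> list:
    """Names of members whose own path, symlink target or hardlink target would land outside `dest`."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if os.path.isabs(m.name) or not is_within(dest, target):
                bad.append(m.name)  # '../x' or '/etc/x' style member name
            elif m.issym() and not is_within(dest, os.path.join(os.path.dirname(target), m.linkname)):
                bad.append(m.name)  # symlink escaping the tree (resolved relative to the link's directory)
            elif m.islnk() and not is_within(dest, os.path.join(dest, m.linkname)):
                bad.append(m.name)  # hardlink to a file outside the tree (archive-root relative)
    return bad

def safe_extractall(archive: bytes, dest: str) -> list:
    """Reject the whole archive if any member escapes; otherwise extract and return the member names."""
    if bad := unsafe_members(archive, dest):
        raise ValueError(f"refusing to extract, traversal members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        if hasattr(tarfile, "data_filter"):  # Python 3.12+ and security backports: stdlib enforces this too
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]

def build_sample_tar(malicious: bool) -> bytes:
    """Constructed sample archive: one benign file, plus three traversal members when `malicious` is set."""
    entries = [("ok/file.txt", None)]
    if malicious:
        entries += [("../escape.txt", None), ("/etc/evil", None), ("link", "../../outside")]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, linkname in entries:
            ti = tarfile.TarInfo(name)
            if linkname:  # symlink member
                ti.type, ti.linkname = tarfile.SYMTYPE, linkname
                tar.addfile(ti)
            else:  # regular file carrying a few constructed bytes
                ti.size = 6
                tar.addfile(ti, io.BytesIO(b"hello\n"))
    return buf.getvalue()
```

The check is deliberately all-or-nothing: a partially extracted archive is harder to reason about than a rejected one, and a rejection is the event worth logging and alerting on.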
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, Netherlands, South Korea, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-11-27T23:37:05.474Z
- CVSS Version: 3.0
- State: PUBLISHED