CVE-2024-22107: n/a in n/a
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.
AI Analysis
Technical Summary
CVE-2024-22107 is a high-severity vulnerability affecting GTB Central Console version 15.17.1-30814.NG. The vulnerability resides in the method systemSettingsDnsDataAction located in the SystemSettingsController.php file of the web application component. Specifically, the endpoint /old/react/v1/api/system/dns/data is vulnerable to command injection attacks. An authenticated attacker can exploit this vulnerability by injecting arbitrary commands through this endpoint, which the system then executes. This type of vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input is not properly sanitized before being passed to system-level commands. The CVSS 3.1 base score is 7.2, reflecting a high severity level with network attack vector, low attack complexity, but requiring high privileges (authenticated user) and no user interaction. The impact includes full compromise of confidentiality, integrity, and availability of the affected platform, as arbitrary commands can lead to data theft, system manipulation, or denial of service. No known exploits are currently reported in the wild, and no vendor patches or mitigations have been linked yet. The vulnerability was published on February 2, 2024, and has been enriched by CISA, indicating recognition by US cybersecurity authorities. The lack of detailed vendor or product information limits the scope of direct vendor-specific guidance but the technical nature suggests that the vulnerability affects a web-based management console used for system settings, likely in enterprise environments.
Potential Impact
For European organizations using GTB Central Console or similar platforms, this vulnerability poses a significant risk. Since exploitation requires authentication, insider threats or compromised credentials could lead to full system compromise. Attackers could execute arbitrary commands, potentially leading to data breaches, disruption of critical services, or lateral movement within networks. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure. The ability to execute commands remotely over the network increases the attack surface, and the high impact on confidentiality, integrity, and availability could result in regulatory penalties under GDPR if personal data is exposed or systems are disrupted. Additionally, the lack of patches means organizations must rely on compensating controls until a fix is available, increasing operational risk.
Mitigation Recommendations
1. Immediately restrict access to the affected endpoint (/old/react/v1/api/system/dns/data) to trusted administrators only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. 3. Monitor logs for unusual or unauthorized command execution attempts, focusing on the vulnerable endpoint. 4. Implement strict input validation and sanitization at the application layer to prevent command injection, if source code access and modification are possible. 5. Apply principle of least privilege to all user accounts to limit the potential damage from a compromised account. 6. If possible, disable or remove legacy or unused API endpoints to reduce attack surface. 7. Engage with the vendor or community to obtain patches or updates as soon as they become available. 8. Conduct regular security assessments and penetration testing focusing on web application endpoints to detect similar vulnerabilities early.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Switzerland
CVE-2024-22107: n/a in n/a
Description
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.
AI-Powered Analysis
Technical Analysis
CVE-2024-22107 is a high-severity vulnerability affecting GTB Central Console version 15.17.1-30814.NG. The vulnerability resides in the method systemSettingsDnsDataAction located in the SystemSettingsController.php file of the web application component. Specifically, the endpoint /old/react/v1/api/system/dns/data is vulnerable to command injection attacks. An authenticated attacker can exploit this vulnerability by injecting arbitrary commands through this endpoint, which the system then executes. This type of vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input is not properly sanitized before being passed to system-level commands. The CVSS 3.1 base score is 7.2, reflecting a high severity level with network attack vector, low attack complexity, but requiring high privileges (authenticated user) and no user interaction. The impact includes full compromise of confidentiality, integrity, and availability of the affected platform, as arbitrary commands can lead to data theft, system manipulation, or denial of service. No known exploits are currently reported in the wild, and no vendor patches or mitigations have been linked yet. The vulnerability was published on February 2, 2024, and has been enriched by CISA, indicating recognition by US cybersecurity authorities. The lack of detailed vendor or product information limits the scope of direct vendor-specific guidance but the technical nature suggests that the vulnerability affects a web-based management console used for system settings, likely in enterprise environments.
Potential Impact
For European organizations using GTB Central Console or similar platforms, this vulnerability poses a significant risk. Since exploitation requires authentication, insider threats or compromised credentials could lead to full system compromise. Attackers could execute arbitrary commands, potentially leading to data breaches, disruption of critical services, or lateral movement within networks. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure. The ability to execute commands remotely over the network increases the attack surface, and the high impact on confidentiality, integrity, and availability could result in regulatory penalties under GDPR if personal data is exposed or systems are disrupted. Additionally, the lack of patches means organizations must rely on compensating controls until a fix is available, increasing operational risk.
Mitigation Recommendations
1. Immediately restrict access to the affected endpoint (/old/react/v1/api/system/dns/data) to trusted administrators only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. 3. Monitor logs for unusual or unauthorized command execution attempts, focusing on the vulnerable endpoint. 4. Implement strict input validation and sanitization at the application layer to prevent command injection, if source code access and modification are possible. 5. Apply principle of least privilege to all user accounts to limit the potential damage from a compromised account. 6. If possible, disable or remove legacy or unused API endpoints to reduce attack surface. 7. Engage with the vendor or community to obtain patches or updates as soon as they become available. 8. Conduct regular security assessments and penetration testing focusing on web application endpoints to detect similar vulnerabilities early.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-01-05T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fa1484d88663aec2df
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/6/2025, 8:10:16 AM
Last updated: 8/15/2025, 6:34:12 AM
Views: 9
Related Threats
CVE-2025-36088: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Storage TS4500 Library
MediumCVE-2025-43490: CWE-59 Improper Link Resolution Before File Access ('Link Following') in HP, Inc. HP Hotkey Support Software
MediumCVE-2025-9060: CWE-20 Improper Input Validation in MSoft MFlash
CriticalCVE-2025-8675: CWE-918 Server-Side Request Forgery (SSRF) in Drupal AI SEO Link Advisor
MediumCVE-2025-8362: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal GoogleTag Manager
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.