CVE-2024-35526 is a vulnerability identified in the Daemon PTY Limited FarCry Core framework prior to version 7.2.14. This flaw allows attackers with local access to the affected system to read sensitive information stored within the /facade directory. The root cause is an improper access control mechanism (CWE-922), which fails to adequately restrict access to sensitive files or directories. The vulnerability does not require any authentication or user interaction, but the attacker must have local access to the system, which limits remote exploitation possibilities. The CVSS v3.1 base score is 5.9, indicating a medium severity level, with the vector AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. This means the attack vector is local, with low attack complexity, no privileges or user interaction needed, and impacts confidentiality, integrity, and availability to a limited extent. No patches or exploits are currently publicly available, but the issue is documented and should be addressed promptly. The vulnerability could expose sensitive configuration or operational data, potentially aiding further attacks or information leakage. The FarCry Core framework is used in web and application infrastructure, so the exposure of sensitive data could have downstream effects on application security and privacy.

The vulnerability allows unauthorized local users to access sensitive information, which can lead to information disclosure that may facilitate further attacks such as privilege escalation, data tampering, or service disruption. Although the impact on confidentiality, integrity, and availability is limited, the exposure of sensitive data in the /facade directory could reveal configuration details, credentials, or other critical information. This can undermine trust in the affected systems and potentially lead to broader security incidents if leveraged by attackers. Organizations with multi-user environments or shared hosting are at higher risk, as local access may be easier to obtain. The lack of known exploits reduces immediate risk, but the vulnerability remains a concern until patched. The medium severity suggests that while not critical, the issue requires timely remediation to prevent exploitation.

1. Apply the official patch or upgrade to FarCry Core version 7.2.14 or later once it becomes available. 2. Restrict local system access strictly to trusted and authorized personnel to reduce the risk of exploitation. 3. Implement file system permissions and access control lists (ACLs) to protect the /facade directory and its contents from unauthorized access. 4. Monitor access logs and system activity for unusual or unauthorized attempts to read files in sensitive directories. 5. Conduct regular security audits and vulnerability assessments on systems running FarCry Core to detect potential misconfigurations or exposures. 6. Consider isolating critical services or using containerization to limit the impact of local vulnerabilities. 7. Educate system administrators and users about the risks of local access vulnerabilities and enforce strong operational security practices.