CVE-2024-44758: n/a
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.
AI Analysis
Technical Summary
CVE-2024-44758 is an arbitrary file upload vulnerability in the NUS-M9 ERP Management Software version 3.0.0, specifically in the /Production/UploadFile component. This vulnerability allows attackers to upload maliciously crafted files without authentication or user interaction, enabling remote code execution on the affected server. The root cause is insufficient validation and sanitization of uploaded files, allowing attackers to bypass restrictions and execute arbitrary code, which corresponds to CWE-94 (Improper Control of Generation of Code). The vulnerability has a CVSS 3.1 base score of 9.8, indicating critical severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. This means that an attacker can exploit the vulnerability remotely over the network without any prior access or interaction from legitimate users. The impact includes full compromise of the ERP system, potential lateral movement within the network, data theft, disruption of business operations, and deployment of further malware. Although no public exploits have been reported yet, the critical nature and ease of exploitation make it a high priority for remediation. The lack of available patches at the time of publication increases the urgency for organizations to implement temporary mitigations and monitor for suspicious activity related to file uploads.
Potential Impact
The vulnerability allows attackers to execute arbitrary code remotely, leading to complete compromise of the affected ERP system. This can result in unauthorized access to sensitive business data, manipulation or deletion of critical enterprise information, disruption of ERP services, and potential pivoting to other internal systems. The confidentiality, integrity, and availability of organizational data and operations are at severe risk. Given the ERP system’s central role in managing business processes, exploitation could cause significant operational downtime and financial losses. Additionally, attackers could deploy ransomware or other malware, further amplifying the damage. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks. Organizations globally that rely on NUS-M9 ERP for production, inventory, finance, or supply chain management are particularly vulnerable.
Mitigation Recommendations
1. Immediately restrict access to the /Production/UploadFile endpoint through network segmentation and firewall rules to limit exposure.
2. Implement strict input validation and file type restrictions on the server side to prevent uploading of executable or script files.
3. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious file upload attempts.
4. Monitor logs for unusual file upload activity and signs of code execution attempts.
5. If possible, disable the file upload functionality temporarily until a vendor patch is available.
6. Apply principle of least privilege to the ERP application and underlying server accounts to minimize impact if exploited.
7. Regularly back up ERP data and verify restoration processes to mitigate ransomware or data loss scenarios.
8. Engage with the vendor for timely patch releases and apply updates as soon as they become available.
9. Conduct penetration testing and vulnerability scanning focused on file upload mechanisms to identify similar weaknesses.
10. Educate IT staff on this vulnerability and ensure incident response plans include scenarios involving arbitrary file upload exploitation.
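One way to put the log monitoring in recommendation 4 into practice, tied to the source restriction in recommendation 1 (an added example, not code from the vendor or from this advisory): it scans web access log lines for POSTs to /Production/UploadFile from outside a trusted subnet, and for script-type requests by the same client shortly after an upload. The Combined Log Format, the trusted subnet, the script extensions, the 10-minute window and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

UPLOAD_PATH = "/Production/UploadFile"                 # endpoint named in the advisory
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumption: ERP user subnet
SCRIPT_EXT = re.compile(r"\.(aspx?|ashx|asmx|jsp|php|cgi)(\?|$)", re.I)  # assumption
WINDOW = timedelta(minutes=10)                         # assumption: correlation window
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = """\
10.20.4.17 - - [12/Mar/2025:09:14:02 +0000] "POST /Production/UploadFile HTTP/1.1" 200 312
203.0.113.45 - - [12/Mar/2025:09:20:11 +0000] "POST /Production/UploadFile HTTP/1.1" 200 298
203.0.113.45 - - [12/Mar/2025:09:20:40 +0000] "GET /Uploads/report.aspx HTTP/1.1" 200 1520
10.20.4.17 - - [12/Mar/2025:09:31:00 +0000] "GET /Production/List HTTP/1.1" 200 8841
198.51.100.7 - - [12/Mar/2025:10:02:00 +0000] "GET /Production/UploadFile HTTP/1.1" 405 0
"""

def trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in n for n in TRUSTED_NETS)
    except ValueError:  # client field is a hostname, not an address
        return False

def scan(log_text):
    # Returns (reason, client, timestamp, path) tuples for the two patterns.
    findings, last_upload = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, method, path = m["ip"], m["method"], m["path"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ok = m["status"].startswith("2")
        if method == "POST" and path.split("?")[0].lower() == UPLOAD_PATH.lower():
            if ok:
                last_upload[ip] = ts  # remember successful uploads per client
            if not trusted(ip):
                findings.append(("upload-from-untrusted-source", ip, ts.isoformat(), path))
        elif (ok and SCRIPT_EXT.search(path) and ip in last_upload
              and ts - last_upload[ip] <= WINDOW):
            findings.append(("script-request-after-upload", ip, ts.isoformat(), path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings of the second kind only mean something if uploaded files are stored under a web-served directory, which this advisory does not confirm; treat them as leads to check against the upload directory's contents.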
Affected Countries
United States, China, India, Germany, United Kingdom, Japan, South Korea, Brazil, France, Canada
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-21T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6ce2b7ef31ef0b569e15
Added to database: 2/25/2026, 9:42:58 PM
Last enriched: 2/28/2026, 6:44:17 AM
Last updated: 4/11/2026, 4:00:09 PM