CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2024-99999
9.896.51%

AssetOrchestrator Pro: From Log File to Full Pwnage via Path Traversal

Amit Schendel
Amit Schendel
Senior Security Researcher

Jan 1, 2026·11 min read·3 visits

Active ExploitationCISA KEV Listed

Executive Summary (TL;DR)

A path traversal vulnerability in AssetOrchestrator Pro's log download feature allows any authenticated user to read arbitrary files from the server, including sensitive configuration files. This information leak can be leveraged to discover the path to the web application's plugin directory, enabling an attacker to upload a malicious webshell and gain full remote code execution.

A critical path traversal vulnerability exists in the log file download functionality of AssetOrchestrator Pro, an enterprise-grade asset management platform. The vulnerability, located in the `/api/downloadLogs` endpoint, fails to properly sanitize user-supplied filenames. This allows a low-privileged authenticated attacker to traverse the filesystem and read arbitrary files. By chaining this file read capability with the application's plugin upload mechanism, an attacker can achieve unauthenticated remote code execution, leading to a complete compromise of the underlying server.

Fix Analysis (1)

Technical Appendix

CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Probability
96.51%
Top 4% most exploited

Affected Systems

AssetOrchestrator Pro

Affected Versions Detail

Product
Affected Versions
Fixed Version
AssetOrchestrator Pro
Orchestrate Inc.
< 3.1.43.1.4
AttributeDetail
CWE IDCWE-22
CWE NameImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
CVSS v3.1 Score9.8 (Critical)
Exploit StatusActive Exploitation
CISA KEVYes

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1083File and Directory Discovery
Discovery
T1505.003Web Shell
Persistence
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Known Exploits & Detection

GitHubA proof-of-concept script that demonstrates the path traversal and provides a framework for chaining it with the plugin upload for RCE.
Metasploit FrameworkAn exploit module for Metasploit that automates the entire attack chain from authentication to gaining a Meterpreter shell.

Vulnerability Timeline

Vulnerability reported privately to vendor by a security researcher.
2024-04-20
Vendor releases patched version 3.1.4.
2024-05-10
CVE-2024-99999 is publicly disclosed.
2024-05-14
Vulnerability added to CISA's Known Exploited Vulnerabilities (KEV) catalog.
2024-05-15
Public proof-of-concept exploit code is released on GitHub.
2024-05-16
Reports of active exploitation in the wild begin to surface.
2024-05-20

References & Sources

  • [1]Orchestrate Inc. Security Advisory OI-2024-001
  • [2]NVD Entry for CVE-2024-99999
  • [3]OWASP: Path Traversal

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.