CVE-2024-32152 - OpenCVE

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Ankitects	Anki
Linux	Linux Kernel
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:ankitects:anki:24.04:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994

History

Fri, 06 Sep 2024 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel Microsoft Microsoft windows
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Linux Linux linux Kernel Microsoft Microsoft windows

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-07-22T14:20:26.096Z

Updated: 2024-08-02T02:06:44.097Z

Reserved: 2024-05-06T16:39:15.937Z

Link: CVE-2024-32152

Vulnrichment

Updated: 2024-07-22T14:53:11.223Z

NVD

Status : Analyzed

Published: 2024-07-22T15:15:03.197

Modified: 2024-09-06T17:22:12.383

Link: CVE-2024-32152

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-32152", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-05-06T16:39:15.937Z", "datePublished": "2024-07-22T14:20:26.096Z", "dateUpdated": "2024-08-02T02:06:44.097Z"}, "containers": {"cna": {"affected": [{"vendor": "Ankitects", "product": "Anki", "versions": [{"version": "24.04", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-184: Incomplete Blacklist", "type": "CWE", "cweId": "CWE-184"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-07-22T17:00:07.387Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994"}], "credits": [{"lang": "en", "value": "Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B."}]}, "adp": [{"affected": [{"vendor": "ankitects", "product": "anki", "cpes": ["cpe:2.3:a:ankitects:anki:24.04:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24.04", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T14:44:22.356022Z", "id": "CVE-2024-32152", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T20:30:56.370Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:44.097Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32152", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-22T14:44:22.356022Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ankitects:anki:24.04:*:*:*:*:*:*:*"], "vendor": "ankitects", "product": "anki", "versions": [{"status": "affected", "version": "24.04"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T14:53:11.223Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Ankitects", "product": "Anki", "versions": [{"status": "affected", "version": "24.04"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994"}], "descriptions": [{"lang": "en", "value": "A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-184", "description": "CWE-184: Incomplete Blacklist"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-07-22T17:00:07.387Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32152", "state": "PUBLISHED", "dateUpdated": "2024-07-22T20:30:56.370Z", "dateReserved": "2024-05-06T16:39:15.937Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-07-22T14:20:26.096Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ankitects:anki:24.04:*:*:*:*:*:*:*", "matchCriteriaId": "A4503900-0DB5-402F-B7AD-36456CFF3DAE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability."}, {"lang": "es", "value": " Existe una vulnerabilidad de omisi\u00f3n de lista de bloqueo en la funcionalidad LaTeX de Ankitects Anki 24.04. Una tarjeta flash maliciosa especialmente manipulada puede provocar la creaci\u00f3n de un archivo arbitrario en una ruta fija. Un atacante puede compartir una tarjeta flash maliciosa para desencadenar esta vulnerabilidad."}], "id": "CVE-2024-32152", "lastModified": "2024-09-06T17:22:12.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-07-22T15:15:03.197", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-184"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}