Impact
In ServerCo getssl versions prior to 2.50, ACME challenge tokens were not validated against RFC 8555 before being used in file paths, enabling a malicious token to control the local file name or path. This flaw permits an attacker who can supply or modify ACME challenge responses—such as a compromised CA endpoint or an on‑path adversary—to write arbitrary files or follow directory traversal, often with elevated privileges, ultimately leading to remote command execution on the host.
Affected Systems
The affected product is ServerCo getssl, a shell script used for automated TLS certificate acquisition. The vulnerability exists in version 2.49 and earlier; version 2.50 and later contain the fix. Thus any environments running getssl 2.49 or older are susceptible.
Risk and Exploitability
The CVSS score of 7.4 indicates a fairly high severity, and the EPSS score of less than 1 % reflects a low probability of exploitation in the wild, though the risk is amplified by the remote command injection potential. The vulnerability is not currently listed in CISA's KEV catalog. Attackers need the ability to influence ACME challenge responses or intercept them on the network. Once such control is achieved, path traversal or unauthorized file creation can be performed, which, if executed with elevated privileges, grants full remote command execution potential.
OpenCVE Enrichment