CVE-2024-42048

OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this location, this allows for DLL hijacking and may result in arbitrary code execution and privilege escalation.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://attack.mitre.org/techniques/T1574/001
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa
https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order
https://landings.openorange.com/l/erp-peru-a.html
https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20DLL%20Hijacking%20in%20OpenOrange%20Business%20Framework%20Allows%20Arbitrary%20Code%20Execution%20and%20Potential%20Privilege%20Escalation.txt
https://resources.infosecinstitute.com/topic/dll-hijacking
https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1
https://www.openorange.com

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-07 17:15

Updated : 2025-08-29 20:15

NVD link : CVE-2024-42048

Mitre link : CVE-2024-42048

CVE.ORG link : CVE-2024-42048

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2024-42048", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-08-07T17:15:27.060", "references": [{"url": "https://attack.mitre.org/techniques/T1574/001", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order", "source": "cve@mitre.org"}, {"url": "https://landings.openorange.com/l/erp-peru-a.html", "source": "cve@mitre.org"}, {"url": "https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20DLL%20Hijacking%20in%20OpenOrange%20Business%20Framework%20Allows%20Arbitrary%20Code%20Execution%20and%20Potential%20Privilege%20Escalation.txt", "source": "cve@mitre.org"}, {"url": "https://resources.infosecinstitute.com/topic/dll-hijacking", "source": "cve@mitre.org"}, {"url": "https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1", "source": "cve@mitre.org"}, {"url": "https://www.openorange.com", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this location, this allows for DLL hijacking and may result in arbitrary code execution and privilege escalation."}, {"lang": "es", "value": "OpenOrange Business Framework 1.15.5 proporciona a los usuarios sin privilegios acceso de escritura al directorio de instalaci\u00f3n."}], "lastModified": "2025-08-29T20:15:34.227", "sourceIdentifier": "cve@mitre.org"}