CVE-2024-44599
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2024-44599, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-15

Last updated on: 2026-07-05

Assigner: MITRE

Description

FNT Command 13.4.0 is vulnerable to Directory Traversal.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-15
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-12-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
fntsoftware fnt_command to 13.4.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2024-44599 is a directory traversal vulnerability in FNT Command versions up to and including 13.4.0. It occurs because the software does not properly validate user-supplied file paths during file upload handling. This allows an authenticated attacker to upload files to arbitrary locations on the server outside the intended upload directory. [2]

Impact Analysis

This vulnerability can lead to full system compromise, including remote code execution. Attackers can upload executable files or overwrite security-critical resources, potentially causing high impact on system integrity and availability. [2]

Detection Guidance

Detection involves monitoring for unauthorized file uploads or unexpected file placements outside the intended upload directories. You can check server logs for suspicious file upload activity and scan for files in directories where uploads should not occur. Specific commands depend on your environment, but for example, on a Linux system, you might use commands like 'find /path/to/upload -type f -exec ls -l {} \;' to list files, or 'grep' to search logs for upload attempts. Additionally, monitoring network traffic for unusual POST requests to the upload endpoint may help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include updating FNT Command to a version later than 13.4.0 where the vulnerability is fixed, as the vendor has addressed the issue. Until an update can be applied, restrict access to the upload functionality to trusted users only, implement strict input validation on file paths, and monitor for suspicious upload activity. Additionally, consider applying network-level controls such as firewall rules to limit access to the vulnerable service. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-44599. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart