CVE-2024-43035
Directory Traversal in Fonoster VoiceServer Allows Arbitrary File Read
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fonoster | fonoster | up to 0.6.1 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-24 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-43035 is a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer versions before 0.6.1. It allows an attacker to perform directory traversal attacks via the /sounds/:file or /tts/:file endpoints. This happens because the server concatenates a base directory path with user-supplied filenames without proper validation or sanitization, enabling attackers to access arbitrary files on the server by including sequences like '../' in the filename.
The vulnerable function, serveFiles, reads files from the filesystem based on the user input without checking if the requested path escapes the intended directory. This flaw can be exploited to read sensitive files such as system configuration or password files. [2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to read arbitrary files on the server hosting Fonoster VoiceServer. By exploiting directory traversal, attackers can access sensitive files outside the intended directory, potentially exposing confidential information such as system files, configuration files, or credentials.
Such unauthorized file access can lead to information disclosure, which may facilitate further attacks or compromise the security of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access files outside the intended directory via directory traversal sequences in the URL path, specifically targeting the /sounds/:file or /tts/:file endpoints of the Fonoster VoiceServer.
A common detection method is to use a command like curl to request a sensitive file such as /etc/passwd by including directory traversal sequences (../) encoded as %2f in the URL.
Example command to test for the vulnerability:
- curl http://localhost:3000/sounds/..%2f..%2f..%2fetc%2fpasswd
If the server responds with the contents of the file (e.g., /etc/passwd), it indicates the presence of the directory traversal vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict input validation and path normalization to prevent directory traversal attacks on the vulnerable endpoints.
- Use path normalization (e.g., path.normalize()) on the combined base directory and user-supplied file path.
- Verify that the normalized path starts with the intended base directory to ensure the requested file is within allowed boundaries.
- Reject any requests with absolute paths or paths that escape the base directory by responding with an access denied or error status.
Until an official patch is released, users are advised to apply these mitigations manually or take down their Fonoster VoiceServer instances to avoid exploitation.