Software firms have been urged by the FBI and Cybersecurity and Infrastructure Security Agency to ensure the absence of path traversal or directory traversal vulnerabilities in their products prior to shipping, BleepingComputer reports.Mitigating such flaws, which could be exploited to facilitate code execution and authentication bypass, could be achieved through random identifier generation for files and separate metadata storage, character restrictions in file names, and removing executable permissions in uploaded files, said the agencies in a joint advisory.Such an alert has been issued following separate attack campaigns exploiting directory traversal bugs, tracked CVE-2024-1708 and CVE-2024-20345, to compromise U.S. critical infrastructure organizations."Directory traversal exploits succeed because technology manufacturers fail to treat user supplied content as potentially malicious, hence failing to adequately protect their customers. Vulnerabilities like directory traversal have been called 'unforgivable' since at least 2007. Despite this finding, directory traversal vulnerabilities (such as CWE-22 and CWE-23) are still prevalent classes of vulnerability," said the agencies.
Network Security, DevSecOps, Threat Intelligence
Path traversal vulnerability elimination in software sought by feds

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



