CVE-2024-7694 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-08-12

Added to CISA KEV: 2026-02-17 554 DAYS BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately update to version 3.5.0 or install Hotfix-20240715
Review all file uploads and system activities from admin accounts for suspicious activity
Implement network segmentation to limit exposure of ThreatSonar platforms
Monitor for unauthorized file uploads and command execution attempts
Patch priority level: CRITICAL - Active exploitation confirmed

CVE-2024-7694 is a critical security vulnerability affecting ThreatSonar Anti-Ransomware by the Taiwanese cybersecurity firm TeamT5 ^[3] ^[2].

The following details summarize the current understanding of this vulnerability:

Active Exploitation: The vulnerability has been confirmed as actively exploited in the wild, leading to its inclusion in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog ^[4] ^[5].
Threat Actors: TeamT5 has assessed the exploitation activity as a highly coordinated campaign likely conducted by China-nexus Advanced Persistent Threat (APT) clusters, specifically tracked by the vendor as "Slime57" and "Slime62" ^[1].
Nature of Attacks: The campaign was targeted, affecting a small number of high-profile downstream environments. Attackers utilized large-scale proxying through compromised Taiwanese devices to obscure the origin of their operations ^[1].

Vulnerability Type: The flaw is an improper input validation issue regarding the content of uploaded files ^[3].
Requirements: Successful exploitation requires the attacker to already possess administrator privileges on the product platform. With this access, a remote attacker can upload malicious files to the server ^[2].

Access/Impact: Once a malicious file is uploaded, it can be used to execute arbitrary system commands on the server, resulting in full system compromise ^[2].

Patch Availability: TeamT5 published patch guidance in July 2024 ^[1].
Cloud Service: The vendor confirmed that its cloud service was updated on July 12, 2024, to remediate the issue ^[1].
Mitigation: Organizations using on-premises versions of ThreatSonar should ensure they have applied the official patches provided by TeamT5.

Chinese APT-linked exploitation of TeamT5 ThreatSonar...
(NVD) TeamT5 told SecurityWeek the exploitation occurred in 2024, targeted only a small number of customers, and was assessed as a highly coordinated campaign aimed at compromising high-profile downstream environments (SecurityWeek reporting, 24 Feb 2026). (SecurityWeek) TeamT5 further assessed the…
CVE-2024-7694 : ThreatSonar Anti-Ransomware from TeamT5 does not ...
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
CVE-2024-7694 Detail - NVD
Description. ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator ...
CISA Warns of Actively Exploited Anti-Ransomware... | SecurityNews
This particular flaw, identified as CVE-2024-7694, exists within the ThreatSonar Anti-Ransomware product, which was created by the Taiwanese cybersecurity firm TeamT5.Attribution in cyberspace is often a complex and speculative process. At present, there is no public information definitively identif…
CISA Adds CVE-2024-7694 to Known Exploited ...
CISA added CVE-2024-7694 to the Known Exploited Vulnerabilities catalog after hackers exploited a critical arbitrary file-upload flaw in ...

🔴 CVE-2024-7694