QwikSec

Security Database

CVE

CWE

Training

CVE-2024-6127

Published: Jun 27, 2024

Modified: Sep 25, 2025

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.

Vendor	Product	Versions
BC Security	Empire	affected `0 - < 5.9.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://aceresponder.com/blog/exploiting-empire-c2-framework

technical-description

https://github.com/ACE-Responder/Empire-C2-RCE-PoC

exploit

https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102

vendor-advisory

https://vulncheck.com/advisories/empire-unauth-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.