exploitDog

CVE-2024-39148

Опубликовано: 01 дек. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

Ссылки

https://keros.docs.kerlink.com/security/security_advisories_kerOS5
Vendor Advisory
https://www.bdosecurity.de/en-gb/advisories/cve-2024-39148
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:kerlink:keros:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.12 (исключая)

EPSS

Процентиль: 37%

0.0016

Низкий

8.1 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-hjfh-3qcg-j4x3

CVSS3: 8.1

github

2 месяца назад

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

EPSS

Процентиль: 37%

0.0016

Низкий

8.1 High

CVSS3

Дефекты

CWE-94