Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-8807

Опубликовано: 22 нояб. 2024
Источник: nvd
CVSS3: 9.8
CVSS3: 9.8
EPSS Низкий

Описание

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24176.

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cohesive:vns3:*:*:*:*:*:*:*:*
Версия до 6.2.8 (исключая)
cpe:2.3:a:cohesive:vns3:*:*:*:*:*:*:*:*
Версия от 6.6.0 (включая) до 6.6.7 (исключая)

EPSS

Процентиль: 73%
0.00806
Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

CVSS3: 9.8
github
9 месяцев назад

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24176.

EPSS

Процентиль: 73%
0.00806
Низкий

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78