CVE-2024-11003

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 78

Summary

CVE-2024-11003 is a recently identified vulnerability affecting versions of the Qualys vulnerability scanner software, needrestart, prior to 3.8. This issue stems from the scanner's failure to properly sanitize user input, which is subsequently passed to the Modules::ScanDeps library. An attacker with local access can exploit this vulnerability to execute arbitrary shell commands, posing a significant security risk. Qualys has recommended that users upgrade to the latest version of needrestart to mitigate this issue. It is noteworthy that there is a related vulnerability, CVE-2024-10224, in the same Modules::ScanDeps library.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share