CVE-2024-11003
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-11003 is a recently identified vulnerability affecting versions of the Qualys vulnerability scanner software, needrestart, prior to 3.8. This issue stems from the scanner's failure to properly sanitize user input, which is subsequently passed to the Modules::ScanDeps library. An attacker with local access can exploit this vulnerability to execute arbitrary shell commands, posing a significant security risk. Qualys has recommended that users upgrade to the latest version of needrestart to mitigate this issue. It is noteworthy that there is a related vulnerability, CVE-2024-10224, in the same Modules::ScanDeps library.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.