CVE-2024-11948

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024

Summary

CVE-2024-11948 is a remote code execution vulnerability affecting GFI Archiver due to the use of a vulnerable version of Telerik Web UI in the product installer. This issue permits attackers to execute arbitrary code on affected installations without requiring authentication. The exploit runs in the context of NETWORK SERVICE, increasing the potential impact of the attack. This vulnerability, previously identified as ZDI-CAN-24041, poses a significant risk to organizations using GFI Archiver.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share