CVE-2024-11949
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-11949 is a remote code execution vulnerability in the Store Service of GFI Archiver. The issue arises from insufficient data validation, which leads to deserialization of untrusted data. An attacker can exploit it by supplying malicious input to the Store Service, which listens on port 8018 by default. Exploitation requires authentication; a successful attack lets the attacker execute arbitrary code with SYSTEM privileges. The vulnerability, originally reported as ZDI-CAN-24331, poses a significant risk to affected installations.
Affected Products
- GFI Archiver
Affected Vendors
- Inetum