CVE-2024-30247

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Mar 29, 2024

Updated: Apr 1, 2024

CWE ID 78

Summary

CVE-2024-30247 is a critical command injection vulnerability affecting NextcloudPi, an image used for various virtual machines and single-board computers. Malicious actors can exploit this flaw in the NextCloudPi web-panel, which does not require authentication, to execute commands as the root user. The security misconfiguration behind this vulnerability poses a significant risk, making it essential for users to upgrade their NextCloudPi installations to the latest version, 1.53.1, to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vFgZM8
https://www.cve.org/CVERecord?id=CVE-2024-30247
https://nvd.nist.gov/vuln/detail/CVE-2024-30247

Back to Vulnerability Database

CVE-2024-30247

CVSS 3.1 Score 10.0 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations