CVE-2024-45179

Summary

CVE-2024-45179 is a vulnerability affecting the za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. The issue stems from insufficient input validation in the C-MOR web interface, leading to OS command injection attacks. Different functionalities, such as certificate generation and time zone setting, are susceptible to these attacks. An attacker can exploit this vulnerability in the script "generatesslreq.pml" as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data. Another script, "settimezone.pml" or "setdatetime.pml," requires administrative privileges for the C-MOR web interface to be exploited for OS command injection. By combining this vulnerability with a privilege-escalation flaw, it is possible to execute commands with root privileges on the C-MOR system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.