CVE-2024-48651

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 29, 2024

Summary

CVE-2024-48651 is a vulnerability affecting versions of ProFTPD before 1.3.8b. This issue arises due to the lack of proper implementation of supplemental groups in the mod_sql module, resulting in unintended access to the root group (GID 0). Attackers can potentially exploit this vulnerability to gain elevated privileges on affected systems. The impact of this vulnerability is significant as it can lead to a compromise of the entire system. It is recommended that users of ProFTPD upgrade to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share