CVE-2024-48651
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 29, 2024
Summary
CVE-2024-48651 is a vulnerability affecting versions of ProFTPD before 1.3.8b. This issue arises due to the lack of proper implementation of supplemental groups in the mod_sql module, resulting in unintended access to the root group (GID 0). Attackers can potentially exploit this vulnerability to gain elevated privileges on affected systems. The impact of this vulnerability is significant as it can lead to a compromise of the entire system. It is recommended that users of ProFTPD upgrade to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- ProFTPD
Affected Vendors
- Proftpd