CVE-2024-48990

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 427

Summary

CVE-2024-48990 is a newly discovered vulnerability in Qualys' needrestart software. Versions prior to 3.8 are susceptible to a local attack in which an adversary manipulates the PYTHONPATH environment variable, causing needrestart to launch the Python interpreter with malicious code. As a result, a local attacker can execute arbitrary code with root privileges. Organizations using Qualys needrestart are advised to update to the latest version to mitigate this risk.
