CVE-2024-52337
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-52337 is a log spoofing vulnerability affecting the TuneD package. Certain API arguments are insufficiently sanitized, which lets an attacker insert controlled sequences of characters, including newlines, into the log. By mimicking valid TuneD log lines, an attacker can potentially deceive administrators. The spoofed log entries may go unnoticed due to the presence of the expected quote character, and they can appear in various logging and utility outputs, such as `tuned-adm get_instances`, or in third-party programs that use TuneD's D-Bus interface.
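The failure mode described above, next to one way to neutralise a value before it reaches the log. This is an added example, not TuneD's code or its actual fix; the log format, function names and sample value are constructed for illustration.

```python
import re

# Hypothetical log format, constructed for this example (not TuneD's real format).
LOG_FMT = "2024-11-26 10:00:00,000 INFO     example.daemon: instance '{}' created"

# Everything outside printable ASCII, plus the quote and backslash that
# delimit or escape the logged value.
_UNSAFE = re.compile(r"[^\x20-\x7e]|['\\]")


def format_unsafe(name: str) -> str:
    """Interpolate the caller-supplied value as-is (the flawed pattern)."""
    return LOG_FMT.format(name)


def escape_for_log(value: str, max_len: int = 128) -> str:
    """Escape control/non-ASCII characters, quotes and backslashes; cap the length."""
    def repl(match):
        cp = ord(match.group())
        if cp <= 0xFF:
            return f"\\x{cp:02x}"
        return f"\\u{cp:04x}" if cp <= 0xFFFF else f"\\U{cp:08x}"

    escaped = _UNSAFE.sub(repl, value)
    if len(escaped) > max_len:
        escaped = escaped[:max_len] + "...[truncated]"
    return escaped


def format_safe(name: str) -> str:
    """Same log call, with the value escaped first."""
    return LOG_FMT.format(escape_for_log(name))


def count_records(text: str) -> int:
    """Physical log lines produced by one call; more than 1 means spoofable."""
    return len(text.splitlines())


# Constructed input: closes the quote, adds a newline, then imitates a log line.
SAMPLE = "net0' created\n2024-11-26 10:00:01,000 INFO     example.daemon: profile 'x"

if __name__ == "__main__":
    print(format_unsafe(SAMPLE))  # two lines, the second one forged
    print(format_safe(SAMPLE))    # one line, newline and quotes shown escaped
```

The same escaping belongs on any output path that echoes the stored value, since the summary notes the spoofed text also surfaces through utilities and D-Bus consumers, not only the log file.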