CVE-2024-5580
CVSS 3.0 Score 7.2 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 502
Summary
CVE-2024-5580 is a remote code execution vulnerability in Allegra's loadFieldMatch function, caused by deserialization of untrusted data. The flaw arises from insufficient validation of user-supplied data, which can result in untrusted data being deserialized. An attacker can exploit this issue to execute arbitrary code on affected installations in the context of LOCAL SERVICE; authentication is required to do so. The vulnerability was identified as ZDI-CAN-23452.