CVE-2024-5581
CVSS 3.0 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-5581 is a newly disclosed vulnerability in Allegra's unzipFile method. It permits remote code execution, allowing attackers to run arbitrary code on vulnerable installations. Authentication is required to exploit it. The root cause is insufficient validation of user-supplied paths before they are used in file operations. An attacker can leverage this flaw to execute code with the privileges of the LOCAL SERVICE account. The Zero Day Initiative (ZDI) tracked the vulnerability as ZDI-CAN-23453 prior to its public disclosure.
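The class of defect named in the summary, an unzip routine that uses archive-supplied paths without validating them, is closed by resolving every entry against the destination directory and refusing the whole archive if any entry lands outside it. The sketch below is an added illustration in Python, not Allegra's code or its fix; `resolve_entry`, `safe_extract`, `build_sample` and the sample entry names are hypothetical.

```python
import io
import stat
import zipfile
from pathlib import Path, PureWindowsPath


class UnsafeEntry(ValueError):
    """An archive entry would be written outside the destination."""


def resolve_entry(dest: Path, name: str) -> Path:
    """Return the resolved target for an entry name, or raise UnsafeEntry."""
    # Backslash is a separator on Windows, so "..\\x" traverses like "../x".
    normalized = name.replace("\\", "/")
    if normalized.startswith("/") or PureWindowsPath(name).drive:
        raise UnsafeEntry(f"absolute or drive-qualified path: {name!r}")
    root = dest.resolve()
    target = (root / normalized).resolve()
    # Containment test on the resolved path, not a substring test on the name.
    if target != root and root not in target.parents:
        raise UnsafeEntry(f"escapes destination: {name!r}")
    return target


def safe_extract(archive: bytes, dest: Path) -> list[str]:
    """Validate every entry first, then extract; returns the names written."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        plan = []
        for info in zf.infolist():
            # Unix mode is in the high 16 bits; refuse symlink entries.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeEntry(f"symlink entry: {info.filename!r}")
            plan.append((info, resolve_entry(dest, info.filename)))
        for info, target in plan:  # nothing is written unless all entries pass
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
    return [info.filename for info, _ in plan if not info.is_dir()]


def build_sample(names: list[str]) -> bytes:
    """Constructed sample input: an in-memory zip with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()
```

Validating all entries before writing any means a rejected upload leaves no partial files behind, and the raised `UnsafeEntry` message is a useful line to log and alert on.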