CVE-2024-7700

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Sep 16, 2024
CWE ID 77

Summary

CVE-2024-7700 is a command injection vulnerability identified in the "Host Init Config" template of the Foreman application. This flaw can be exploited through the "Install Packages" field on the "Register Host" page, allowing an attacker with privileges to inject arbitrary commands into the configuration. While user interaction is required to execute injected commands, this vulnerability poses a significant risk, as an unsuspecting user running the generated registration script could result in unauthorized command execution during host registration.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share