CVE-2024-8806

CVSS 3.0 Score 9.8 of 10 (critical)

Details

Published Nov 22, 2024
CWE ID 78

Summary

CVE-2024-8806 is a critical vulnerability affecting Cohesive Networks VNS3. This command injection issue enables remote code execution, allowing attackers to execute arbitrary code on affected installations without requiring authentication. The flaw is rooted in the web service that listens on the default TCP port 8000. An attacker can exploit this vulnerability by providing maliciously crafted input, which is not properly validated before executing a system call. The consequence is the execution of code with root privileges. (ZDI-CAN-24160 first disclosed this vulnerability.)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share