CVE-2024-8807
CVSS 3.0 Score 9.8 of 10 (critical)
Details
Published Nov 22, 2024
CWE ID 78
Summary
CVE-2024-8807 is a critical remote code execution vulnerability affecting Cohesive Networks VNS3. The flaw, identified as ZDI-CAN-24176, is located in the product's web service, which listens on port 8000 by default. The vulnerability arises due to insufficient validation of user-supplied strings, enabling attackers to inject malicious commands and execute arbitrary code with root privileges, even without authentication. This issue poses a significant threat to affected installations and requires immediate attention and patches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share