CVE-2024-8807

CVSS 3.0 Score 9.8 of 10 (critical)

Details

Published Nov 22, 2024
CWE ID 78

Summary

CVE-2024-8807 is a critical remote code execution vulnerability affecting Cohesive Networks VNS3. The flaw, identified as ZDI-CAN-24176, is located in the product's web service, which listens on port 8000 by default. The vulnerability arises due to insufficient validation of user-supplied strings, enabling attackers to inject malicious commands and execute arbitrary code with root privileges, even without authentication. This issue poses a significant threat to affected installations and requires immediate attention and patches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share