CVE-2024-8808

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 78

Summary

CVE-2024-8808 is a remote code execution vulnerability affecting Cohesive Networks VNS3. Attackers can exploit this flaw by injecting malicious commands into the web service, which is listening on port 8000 by default. The vulnerability arises due to insufficient input validation, enabling an attacker to execute arbitrary code with root privileges once authentication is successful. This issue was identified as ZDI-CAN-24177.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share