CVE-2024-9441

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 2, 2024
Updated: Oct 4, 2024
CWE ID 78

Summary

CVE-2024-9441 is a critical OS command injection vulnerability affecting the Linear eMerge e3-Series up to version 1.00-07. This vulnerability allows remote and unauthenticated attackers to execute arbitrary OS commands through the login_id parameter during the forgot_password process over HTTP. The impact score of this vulnerability is measured at 9.8, indicating high risks to confidentiality, integrity, and availability. Organizations using the vulnerable products should upgrade to a patched version to mitigate this risk effectively. Failure to address this vulnerability could lead to significant security breaches within affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share