OS Command Injection in VNS3 - CVE-2024-8808

 

OS Command Injection in VNS3 - CVE-2024-8808

Published: September 18, 2024


Vulnerability identifier: #VU97463
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-8808
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cohesive Networks
Affected software:
VNS3

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the web service. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2024-8808

Install updates from vendor's website.

Sources