Main Vulnerability Database Vulnerabilities #VU97940

#VU97940 PHP file inclusion in ONS-S8 - Spectra Aggregation Switch - CVE-2024-41925

Published: October 2, 2024

Vulnerability identifier: #VU97940

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-41925

CWE-ID: CWE-98

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ONS-S8 - Spectra Aggregation Switch

Software vendor:
Optigo Networks

Description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files within the web service. A remote attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01

#VU97940 PHP file inclusion in ONS-S8 - Spectra Aggregation Switch - CVE-2024-41925

Description

Remediation

External links

Please verify you're human