CVE-2024-39148

CVSS 8.1 HIGHEPSS 0.4%CWE-94

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://keros.docs.kerlink.com/security/security_advisories_kerOS5 https://www.bdosecurity.de/en-gb/advisories/cve-2024-39148