PT-2024-17358 · Ixsystems · Ixsystems Truenas Core

Daan Keuper +2 · Published 2024-12-06 · Updated 2025-08-18 · CVE-2024-11946

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: iXsystems TrueNAS CORE (affected versions not specified)

Description: This issue allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. The specific flaw exists within the handling of firmware updates, resulting from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. No authentication is required to exploit this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2024-11946
ZDI-24-1644

Affected Products

Ixsystems Truenas Core