CVE-2024-11949

Name of the Vulnerable Software and Affected Versions GFI Archiver (affected versions not specified)

Description The issue is a remote code execution vulnerability due to the deserialization of untrusted data in the GFI Archiver Store Service. This allows remote attackers to execute arbitrary code on affected installations of GFI Archiver, but authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by default, and is the result of the lack of proper validation of user-supplied data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.