CVE-2024-22107

Name of the Vulnerable Software and Affected Versions GTB Central Console version 15.17.1-30814.NG

Description The issue is related to a command injection vulnerability in the systemSettingsDnsDataAction method of the GTB Central Console, specifically at the /old/react/v1/api/system/dns/data endpoint. This vulnerability can be exploited by an authenticated attacker to inject arbitrary commands and compromise the platform. The vulnerability is caused by the lack of filtering of parameters passed to the exec() function.

Recommendations For GTB Central Console version 15.17.1-30814.NG, consider disabling the systemSettingsDnsDataAction method until a patch is available to prevent command injection attacks. Restrict access to the /old/react/v1/api/system/dns/data endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.