PT-2024-22271 · Unknown · Peering Manager
Ntc-Swiss-Team · Published 2024-03-12 · Updated 2024-03-13
CVE-2024-28114
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Peering Manager versions <=1.8.2
Description
Peering Manager is a BGP session management tool. There is a Server Side Template Injection issue that leads to Remote Code Execution, allowing arbitrary commands to be executed on the operating system running Peering Manager.
Recommendations
For Peering Manager versions <=1.8.2, upgrade to version 1.8.3 to address the issue.
At the moment, there are no known workarounds for this issue.
Exploit
Fix
Special Elements Injection
Affected Products
Peering Manager