PT-2024-27010 · Pam · Pam

Paolo Cavaglià

Published

2024-07-15

Updated

2024-08-01

CVE-2024-36456

CVSS v4.0

9.4

Critical

Vector

AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions PAM system (affected versions not specified)

Description The issue allows an unauthenticated attacker to achieve remote command execution on the affected PAM system. This is done by uploading a specially crafted PAM upgrade file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-36456

Affected Products

Pam

PT-2024-27010 · Pam · Pam

CVE-2024-36456

Weakness Enumeration

Related Identifiers

Affected Products

References · 4