PT-2024-27926 · R Hub · R-Hub Turbomeeting
0Xc0Ffeee
·
Published
2024-07-25
·
Updated
2024-08-13
·
CVE-2024-38288
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
R-HUB TurboMeeting versions prior to 9.x
Description
A command-injection issue in the Certificate Signing Request (CSR) functionality allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
Recommendations
For R-HUB TurboMeeting versions prior to 9.x, update to version 9.x or later to resolve the issue.
As a temporary workaround, consider restricting access to the CSR functionality to minimize the risk of exploitation.
Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
R-Hub Turbomeeting