PT-2024-29133 · Ffri · Ffri Amc

Published: 2024-07-30 · Updated: 2024-08-01 · CVE-2024-40895

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

FFRI AMC versions 3.4.0 to 3.5.3
Some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3

Description

The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.

Recommendations

For FFRI AMC versions 3.4.0 to 3.5.3, consider disabling the notification program setting until a patch is available.

For some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3, restrict the executable file path to prevent setting it to a batch file (.bat) or command file (.cmd) extension.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2024-40895

Affected Products

Ffri Amc