PT-2024-29354 · It Solutions · It Solutions Enjay Crm Os
Aamir Rehman
·
Published
2024-08-07
·
Updated
2024-08-08
·
CVE-2024-41309
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IT Solutions Enjay CRM OS version 1.0
Description
The issue in the Hardware info module allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
Recommendations
For IT Solutions Enjay CRM OS version 1.0, consider restricting access to the Hardware info module until a patch is available.
As a temporary workaround, disabling the Hardware info module may help minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
It Solutions Enjay Crm Os