PT-2024-29689 · Atos · Atos Eviden Icare

Published: 2024-09-30 · Updated: 2024-10-29 · CVE-2024-42017

CVSS v3.1: 10 (Critical)

Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: Atos Eviden iCare versions 2.7.1 through 2.7.11

Description: The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.

Recommendations: For Atos Eviden iCare versions 2.7.1 through 2.7.11, as a temporary workaround, consider restricting access to the locally exposed web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2024-42017

Affected Products: Atos Eviden Icare