PT-2024-33485 · Acon · Acon
Torinriley · Published 2024-10-18 · Updated 2024-10-21 · CVE-2024-49361
CVSS v4.0: 8.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ACON (affected versions not specified)
Description
A potential issue has been identified in the input validation process of the ACON library, which could lead to arbitrary code execution if exploited. This could allow an attacker to submit malicious input data, bypassing input validation, resulting in remote code execution in certain machine learning applications using the ACON library. Machine learning models or applications that ingest user-generated data without proper sanitization are the most at risk. Users running ACON on production servers are at heightened risk, as the issue could be exploited remotely.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Affected Products
Acon