CVE-2024-2421

Name of the Vulnerable Software and Affected Versions LenelS2 NetBox versions prior to and including 5.6.1

Description The issue is related to an unauthenticated remote code execution (RCE) that allows an attacker to execute malicious commands with elevated permissions. It is associated with the failure to neutralize special elements used in the operating system command, which can be exploited by a remote attacker to execute arbitrary commands and elevate their privileges.

Recommendations For versions prior to and including 5.6.1, update to a version later than 5.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.