CVE-2024-39569

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 HF1

Description: A vulnerability has been identified in the system service of affected applications, which is vulnerable to command injection due to missing server-side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.

Recommendations: For versions prior to V3.2 HF1, update to version V3.2 HF1 or later to resolve the issue. As a temporary workaround, consider restricting access to the system service of affected applications to minimize the risk of exploitation. Avoid using the vulnerable system service until the issue is resolved.