CVE-2024-39568

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 HF1

Description: The issue is related to the lack of data sanitization on the management level, which can allow an attacker to execute arbitrary code with system privileges. Specifically, the system service of affected applications is vulnerable to command injection due to missing server-side input sanitation when loading proxy configurations. This could enable an authenticated local attacker to execute arbitrary code with system privileges.

Recommendations: For versions prior to V3.2 HF1, update to version V3.2 HF1 or later to resolve the issue. As a temporary workaround, consider restricting access to the system service of affected applications to minimize the risk of exploitation. Avoid using vulnerable proxy configurations in the affected API endpoints until the issue is resolved.