CVE-2024-39570

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 HF1

Description: A vulnerability has been identified in SINEMA Remote Connect Server due to missing server-side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. The issue is related to command injection and affects applications that do not properly sanitize input on the server side.

Recommendations: For versions prior to V3.2 HF1, update to version V3.2 HF1 or later to resolve the issue. As a temporary workaround, consider restricting access to VxLAN configurations to minimize the risk of exploitation. Additionally, ensure that all input is properly sanitized on the server side to prevent command injection attacks.