PT-2024-5099 · Siemens · Sinema Remote Connect Server

Published: 2024-07-09 · Updated: 2024-09-06 · CVE-2024-39571

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 HF1
Description: Missing server-side input sanitization when loading SNMP configurations allows command injection. A remote attacker with the right to modify the SNMP configuration could exploit this lack of input cleaning at the management level to execute arbitrary code with root privileges.
Recommendations: For versions prior to V3.2 HF1, update to V3.2 HF1 or later to prevent unauthorized code execution. As a temporary workaround, consider restricting access to the SNMP configuration to minimize the risk of exploitation. Avoid using the vulnerable SNMP configuration loading functionality until the issue is resolved.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-05626
CVE-2024-39571

Affected Products

Sinema Remote Connect Server