CVE-2024-47464

Name of the Vulnerable Software and Affected Versions: Instant AOS versions 8 through 10

Description: An authenticated Path Traversal issue exists, allowing an attacker to copy arbitrary files to a user-readable location from the command line interface of the underlying operating system. This could lead to remote unauthorized access to files. The vulnerability is related to incorrect restriction of the directory path name with limited access.

Recommendations: For Instant AOS versions 8 through 10, consider restricting access to the command line interface until a patch is available. As a temporary workaround, limit the ability to copy files to user-readable locations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.