PT-2024-9192 · Unknown · Instant AOS

Zzcentury · Published 2024-11-05 · Updated 2024-11-12 · CVE-2024-47461

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Instant AOS versions 8 and 10
Description: An authenticated command injection vulnerability exists in the command line interface of Instant AOS. This vulnerability allows an attacker to execute arbitrary commands as a privileged user on the underlying operating system, potentially leading to a full compromise of the host operating system.
Recommendations: For Instant AOS versions 8 and 10, consider disabling access to the command line interface until a patch is available to prevent exploitation of the command injection vulnerability. Restricting privileges for authenticated users may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10879
CVE-2024-47461

Affected Products

Instant AOS