CVE-2024-39148

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KerOS versions prior to 5.12

Description The wmp-agent service does not correctly validate ‘magic URLs’, potentially allowing a remote attacker without authentication to execute arbitrary operating system commands as root if the service is accessible over a network. Typically, the service is protected by a local firewall.

Recommendations Update KerOS to version 5.12 or later.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-39148

Affected Products

Keros

CVE-2024-39148

Weakness Enumeration

Related Identifiers

Affected Products

References · 7