Progress released a patch to address a critical severity vulnerability in Flowmon. Tracked as CVE-2024-2389, the vulnerability is given a CVSS base score of 10. Successful exploitation of the vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.
Tag: OS Command Injection Vulnerability
PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)
Attackers are exploiting a command injection vulnerability in Palo Alto Networks PAN-OS software. Tracked as CVE-2024-3400, the vulnerability has been given a critical severity rating and a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code with root privileges on the firewall. The vulnerability exists in the … Continue reading “PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)”
QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)
Two OS command injection vulnerabilities impact the operating systems embedded in the firmware of QNAP’s popular network-attached storage (NAS) devices. Tracked as CVE-2023-47218 and CVE-2023-50358, the vulnerabilities may allow users to execute commands via a network. The vulnerabilities affect QNAP operating systems such as QTS, QuTS Hero, and QuTS Cloud. CVE-2023-47218 can be exploited by … Continue reading “QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)”
