CVE-2024-8809

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-78
View all →

Vulnerability Description

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24178.

Related Vulnerabilities

CVE-2011-3178

HIGH
CVSS:8.8(High)

In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

CWE-782011

CVE-2012-4981

HIGH
CVSS:8.8(High)

Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability

CWE-782012

CVE-2012-5693

HIGH
CVSS:8.8(High)

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) ...

CWE-782012

CVE-2012-6610

HIGH
CVSS:8.8(High)

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

CWE-782012

CVE-2013-1598

HIGH
CVSS:8.8(High)

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary cod...

CWE-782013

CVE-2013-2024

HIGH
CVSS:8.8(High)

OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

CWE-782013