ГлавнаяУязвимости → CVE-2024-50960
7.2высокая

CVE-2024-50960

Описание

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system.

Затрагиваемое ПО
Extron Smp 111 firmwareExtron Smp 111Extron Smp 351 firmwareExtron Smp 351Extron Smp 352 firmwareExtron Smp 352Extron Sme 211 firmwareExtron Sme 211
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/layer8secure/extron-smp-inject/https://ryanmroth.com/articles/exploiting-extron-smp-command-injectionhttps://www.extron.com/article/smp