CVE-2023-3991
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-3991 is an OS command injection vulnerability in the iperfrun.cgi functionality of FreshTomato 2023.3. An attacker can execute arbitrary commands by sending a specially crafted HTTP request. Successful exploitation can result in unauthorized access, data theft, or system damage. FreshTomato users are strongly advised to update to a version that addresses this issue. To mitigate the risk, administrators should restrict network access to the affected component or configure a web application firewall to block suspicious HTTP requests. The vulnerability poses a serious threat to organizations and individuals who have not applied the necessary security patches; applying the latest updates and following best practices for secure web application management minimizes the risk of exploitation.
Affected Products
- LibBitcoin Explorer