CVE-2024-3123

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jul 1, 2024

CWE ID 434

Summary

CVE-2024-3123 is a vulnerability affecting the Mobile One Time Password's uploading function in a hidden page. This issue allows remote attackers, who have obtained administrator privileges, to bypass the improper file type filtering mechanism. As a result, they can upload and execute malicious files, leading to system command execution. This security flaw poses a serious risk to the affected system, making it essential to apply the necessary patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wvs9jK
https://www.cve.org/CVERecord?id=CVE-2024-3123
https://nvd.nist.gov/vuln/detail/CVE-2024-3123

Back to Vulnerability Database

CVE-2024-3123

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations