CVE-2024-33566

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Apr 29, 2024

CWE ID 862

Summary

CVE-2024-33566 is a critical vulnerability affecting the N-Media OrderConvo software version 12.4 and below. This issue involves a missing authorization check, leading to an OS Command Injection flaw. An attacker can exploit this vulnerability to execute arbitrary commands on the targeted system, potentially leading to significant data loss or system compromise. Organizations using the OrderConvo software are strongly advised to apply the necessary patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vlQI41
https://www.cve.org/CVERecord?id=CVE-2024-33566
https://nvd.nist.gov/vuln/detail/CVE-2024-33566

Back to Vulnerability Database

CVE-2024-33566

CVSS 3.1 Score 10.0 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations