CVE-2024-3739

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 13, 2024

Updated: May 17, 2024

CWE ID 476

Summary

CVE-2024-3739 is a recently disclosed critical vulnerability in cym1102 nginxWebUI versions up to 3.9.9. The issue lies within the unknown code of the /adminPage/main/upload file and allows attackers to inject os commands through manipulation of the file argument. This vulnerability can be exploited remotely, making it a significant threat. The exploit for this issue has been made public, increasing the risk for potential attacks. VDB-260578 is the identifier assigned to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ivanti Avalanche

Affected Vendors

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wWYiO3
https://www.cve.org/CVERecord?id=CVE-2024-3739
https://nvd.nist.gov/vuln/detail/CVE-2024-3739

Back to Vulnerability Database