CVE-2024-41911

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Oct 28, 2024

CWE ID 79

Summary

CVE-2024-41911 is a newly identified vulnerability affecting Poly Clariti Manager devices with firmware builds up to 10.10.2.2. This issue stems from the devices' failure to adequately sanitize user input during web page generation, potentially leading to code injection attacks. An attacker could exploit this vulnerability to execute arbitrary code and gain unauthorized access to the affected system. The consequences could include data theft, device compromise, or even the creation of a backdoor for continued unauthorized access. Users are urged to update their firmware to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xMbAyW
https://www.cve.org/CVERecord?id=CVE-2024-41911
https://nvd.nist.gov/vuln/detail/CVE-2024-41911

Back to Vulnerability Database

CVE-2024-41911

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations