CVE-2024-48991

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024

Updated: Dec 3, 2024

Summary

CVE-2024-48991 is a vulnerability affecting Qualys' needrestart component before version 3.8. This issue permits local attackers to execute arbitrary root code by exploiting a race condition and deceiving needrestart into utilizing a fake Python interpreter instead of the genuine system Python interpreter. An initial patch (6ce6136) inadvertently introduced a regression, which was later rectified (42af5d3).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zaMVKU
https://www.cve.org/CVERecord?id=CVE-2024-48991
https://nvd.nist.gov/vuln/detail/CVE-2024-48991

Back to Vulnerability Database

CVE-2024-48991

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations