CVE-2024-48992

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024

Updated: Dec 3, 2024

CWE ID 427

Summary

CVE-2024-48992 is a vulnerability affecting Qualys' needrestart software before version 3.8. This issue permits local attackers to execute arbitrary code as root by manipulating the RUBYLIB environment variable, tricking needrestart into launching the Ruby interpreter with the attacker's malicious code. This flaw poses a significant risk to systems running the vulnerable version of needrestart, necessitating immediate patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zaMbf_
https://www.cve.org/CVERecord?id=CVE-2024-48992
https://nvd.nist.gov/vuln/detail/CVE-2024-48992

Back to Vulnerability Database

CVE-2024-48992

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations