CVE-2024-8073

Summary

CVE-2024-8073 is an improper input validation vulnerability found in Hillstone Networks Web Application Firewall versions 5.5R6-2.6.7 through 5.5R6-2.8.13, allowing for command injection attacks. Affected products include a range of Hillstone Networks devices such as x-PQMR, x-PQMQ, and x-PQMS among others. The vulnerability has a critical base score of 9.8 and poses significant risks to organizational integrity, confidentiality, and availability due to its low attack complexity and lack of required privileges or user interaction. Remediation steps include updating to the latest firmware version provided by Hillstone Networks as per their security notification issued on August 21, 2024. Organizations should take immediate action to mitigate potential exploitation through network attack vectors that could lead to severe impacts on system functionality and data security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.