OS command injection in Hardware solutions

#VU97986 OS command injection in Hardware solutions

Published: 2024-10-03

Vulnerability identifier: #VU97986

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41585

CWE-ID: CWE-78

Exploitation vector: Local

Exploit availability: No

Vendor:

Description

The vulnerability allows a malicious guest to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the recvCmd binary, used by the host OS for communicating with the guest OS. A malicious guest can pass specially crafted data to the binary and execute arbitrary OS commands on the host OS.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in DrayTek products