CVE-2024-51721

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Nov 12, 2024 / Updated: 7d ago

010
CVSS 7.3EPSS 0.04%High
CVE info copied to clipboard

A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-51721

Nov 12, 2024 at 7:15 PM
CVSS

A CVSS base score of 7.3 has been assigned.

Nov 12, 2024 at 7:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-51721. See article

Nov 12, 2024 at 7:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 12, 2024 at 7:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 13, 2024 at 5:07 PM
Static CVE Timeline Graph

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

News

NA - CVE-2024-51721 - A code injection vulnerability in the SecuSUITE...
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other...
CVE-2024-51721
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root...
CVE-2024-51721 - SecuSUITE Server Web Administration Portal Root Privilege Code Injection Vulnerability
CVE ID : CVE-2024-51721 Published : Nov. 12, 2024, 7:15 p.m. 50 minutes ago Description : A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. Severity: 7.3 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51721
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.
CVE-2024-51721 | BlackBerry SecuSUITE up to 5.0.420 Web Administration Portal link following
A vulnerability classified as critical has been found in BlackBerry SecuSUITE up to 5.0.420 . Affected is an unknown function of the component Web Administration Portal . The manipulation leads to link following. This vulnerability is traded as CVE-2024-51721 . Access to the local network is required for this attack. There is no exploit available.
See 2 more articles and social media posts

CVSS V3.1

Attack Vector:Adjacent_network
Attack Complexity:High
Privileges Required:High
User Interaction:Required
Scope:Changed
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI