CVE-2024-9139

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Oct 14, 2024 / Updated: 36d ago

CVSS 8.6 / EPSS 0.04% / High

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9139

Oct 14, 2024 at 9:15 AM

First Article

Feedly found the first article mentioning CVE-2024-9139.

Oct 14, 2024 at 9:24 AM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 14, 2024 at 9:24 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.4%)

Oct 15, 2024 at 10:16 AM

Affected Systems

Moxa/tn-4900

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
