Remote Code Execution Vulnerability in Security Center Application
CVE-2024-1367

7.2HIGH

Key Information:

Vendor: Tenable
Status: Security Center
Vendor: CVE Published:; 14 February 2024

What is CVE-2024-1367?

A command injection vulnerability has been identified within the Security Center application, allowing an authenticated remote attacker with administrator privileges to alter Logging parameters. This manipulation can lead to the execution of arbitrary code on the host running the Security Center, posing a significant risk to the application's integrity and security. Proper measures should be taken to address this vulnerability to prevent potential exploitation.

Affected Version(s)

Security Center Linux 0

References

https://www.tenable.com/security/tns-2024-02

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Feb 8, 2024

Credit

Paweł Bednarz

Tenable

What is CVE-2024-1367?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit