Yealink Meeting Server Vulnerability Discovered
CVE-2024-24091

9.8CRITICAL

Key Information:

Vendor: Yealink
Status: Yealink Meeting Server
Vendor: CVE Published:; 8 February 2024

What is CVE-2024-24091?

An OS command injection vulnerability exists in Yealink Meeting Server versions before 26.0.0.66, allowing attackers to exploit the file upload interface. This vulnerability can lead to unauthorized command execution on the server, posing significant risks to the confidentiality, integrity, and availability of the affected system. Proper security measures and patches are essential to mitigate these vulnerabilities and protect sensitive information.

References

https://www.yealink.com/en/trust-center/security-advisori...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Jan 25, 2024