Migration Tools Vulnerable to OS Command Injection and Privilege Elevation
CVE-2024-24892

8.1 HIGH

Key Information:

Vendor: openEuler
CVE Published: 25 March 2024

What is CVE-2024-24892?

The openEuler migration-tools package is vulnerable because it improperly neutralizes special elements used in OS commands. This flaw allows attackers to perform command injection attacks, potentially leading to unauthorized command execution and privilege elevation. The issue lies in certain program files of migration-tools, which include functionality that fails to adequately validate input. Users running migration-tools versions 1.0.0 and 1.0.1 are at risk and should consider immediate action to mitigate potential exploitation. Continuous monitoring and updating of the affected systems are crucial for security.

Affected Version(s)

migration-tools Linux 1.0.0 <= 1.0.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved