OS Command Injection Vulnerability in RTI Connext Professional
CVE-2024-52058

8.6HIGH

Key Information:

Vendor: Rti
Status: Connext Professional
Vendor: CVE Published:; 13 December 2024

What is CVE-2024-52058?

An OS Command Injection vulnerability has been identified in RTI Connext Professional (System Designer). This flaw allows attackers to execute arbitrary OS commands through improper neutralization of special elements. Specifically, versions 6.1.0 before 6.1.2.19 and 7.0.0 before 7.3.0.2 are at risk, potentially compromising system security and integrity.

Affected Version(s)

Connext Professional 7.0.0 < 7.3.0.2

Connext Professional 6.1.0 < 6.1.2.19

References

https://www.rti.com/vulnerabilities/#cve-2024-52058

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Nov 5, 2024

Rti

What is CVE-2024-52058?

Affected Version(s)

References

CVSS V4

Timeline