CVE-2024-45252 CRITICAL

CVE-2024-45252: Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Vendor Elsight

Product Halo version 11.7.1.5

Weakness CWE-78

Published October 6, 2024

Last update October 7, 2024

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Key dates

October 6, 2024 CVE published

October 7, 2024 Record updated

External resources

Related vulnerabilities

CVE CVE-2024-45252

CWE CWE-78

CVSS 9.8 / CRITICAL

Vendor Elsight

Product Halo version 11.7.1.5

Affected ≥ version 11.7.1.5 and < Upgrade to version 11.9.4.0