CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-45274

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00461/1

CVE-2024-45274 allows unauthenticated remote attackers to execute operating system commands via UDP, posing a significant security risk. Due to missing authentication, malicious actors can gain unauthorized access to the device. Despite a low CVSS score, the presence of the In The Wild tag is concerning. The SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates a moderate risk level, but given the potential for remote command execution, patching should be prioritized. This vulnerability can lead to complete system compromise, data breaches, and denial of service. Immediate action is necessary to mitigate the risk of exploitation by threat actors. Organizations should apply the necessary patches or implement compensating controls to prevent potential attacks. The ability to execute arbitrary OS commands makes this a particularly dangerous vulnerability.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-10-15
LAST MODIFIED2024-10-17
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-45274 is a critical vulnerability that allows an unauthenticated remote attacker to execute OS commands via UDP on the device due to missing authentication. The CVSS score of 9.8 indicates the high severity of this vulnerability, while the SVRS of 42 suggests that it is not as critical as other vulnerabilities with SVRS scores above 80.

Key Insights

  • This vulnerability can be exploited remotely without requiring authentication, making it easy for attackers to target vulnerable devices.
  • The vulnerability allows attackers to execute arbitrary OS commands, giving them complete control over the affected device.
  • The vulnerability affects a wide range of devices, including routers, switches, and firewalls.

Mitigation Strategies

  • Apply the latest security patches from the vendor as soon as possible.
  • Implement network segmentation to limit the impact of an attack.
  • Use intrusion detection and prevention systems to detect and block malicious activity.
  • Regularly monitor network traffic for suspicious activity.

Additional Information

  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning for this vulnerability.
  • The vulnerability is not known to be used in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – Nov 03)
Ajit Jasrotia2024-11-04
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – Nov 03) | This week was a total digital dumpster fire! Hackers were like, “Let’s cause some chaos!” and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We’re talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 […] The post THN Recap: Top Cybersecurity Threats, Tools, and Practices
allhackernews.com
rss
forum
news

Social Media

CVE-2024-45274 An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. https://t.co/JOiQcnIEhd
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://cert.vde.com/en/advisories/VDE-2024-056
[email protected]https://cert.vde.com/en/advisories/VDE-2024-066

CWE Details

CWE IDCWE NameDescription
CWE-306Missing Authentication for Critical FunctionThe software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence