CVE-2024-40895

MEDIUM Year: 2024
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.

Related Vulnerabilities

CVE-2017-6606

MEDIUM
CVSS:6.4(Medium)

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operati...

CWE-782017

CVE-2019-15274

MEDIUM
CVSS:6.4(Medium)

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficie...

CWE-782019

CVE-2019-1732

MEDIUM
CVSS:6.4(Medium)

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-u...

CWE-782019

CVE-2020-8130

MEDIUM
CVSS:6.4(Medium)

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

CWE-782020

CVE-2022-42433

MEDIUM
CVSS:6.4(Medium)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to e...

CWE-782022

CVE-2024-2742

MEDIUM
CVSS:6.4(Medium)

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploit...

CWE-782024