How severe is CVE-2024-7448?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-7448?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-7448 - HIGH Severity | CVSS 8

Vulnerability Description

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device. The specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23964.

Related Vulnerabilities

CVE-2015-5018

HIGH

CVSS:8.0(High)

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands...

CWE-782015

CVE-2017-2183

HIGH

CVSS:8.0(High)

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

CWE-782017

CVE-2018-16216

HIGH

CVSS:8.0(High)

A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in th...

CWE-782018

CVE-2018-19977

HIGH

CVSS:8.0(High)

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple...

CWE-782018

CVE-2018-21101

HIGH

CVSS:8.0(High)

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CWE-782018

CVE-2019-11539

HIGH

CVSS:8.0(High)

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX be...

CWE-782019