CVE-2024-45249
Published 2024-10-06
CVE-2024-45249: Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Priority P260 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.40% (31.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cavok | cavok | before versions 4.7.2, 4.6.11 | Upgrade to versions 4.7.2, 4.6.11 or higher |
| peak-14 | cavok | < 4.6.11 | 4.6.11 |
| peak-14 | cavok | >= 4.7 < 4.7.2 | 4.7.2 |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa · 9.8 · CRITICAL
GHSA
GHSA-j3cm-5453-m956: Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ghsa_unreviewed·2024-10-06
CVE-2024-45249 [CRITICAL] CWE-89 GHSA-j3cm-5453-m956: Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CISA
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
cisa·2024-07-29·CVSS 9.8
CVE-2023-45249 [CRITICAL] CWE-1393 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Vulnerability: Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Affected: Acronis Cyber Infrastructure (ACI)
Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://security-advisory.acronis.com/advisories/SEC-6452; https://nvd.nist.gov/vuln/detail/CVE-2023-45249
Remediation Due Date: 2024-08-19
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-06