What is the severity of CVE-2024-11948?

CVE-2024-11948 has been classified as a critical vulnerability due to its ability to allow remote code execution without authentication.

How do I fix CVE-2024-11948?

To mitigate CVE-2024-11948, ensure that you update to the latest version of GFI Archiver that addresses this vulnerability.

What is the impact of CVE-2024-11948 on GFI Archiver installations?

CVE-2024-11948 allows attackers to execute arbitrary code on affected GFI Archiver installations, posing significant security risks.

Is authentication required to exploit CVE-2024-11948?

No, CVE-2024-11948 can be exploited without any authentication, making it particularly dangerous.

Which versions of GFI Archiver are affected by CVE-2024-11948?

CVE-2024-11948 affects all versions of GFI Archiver prior to version 15.7.

Vulnerability/
CVE-2024-11948

critical

9.8

CWE

1395

11/12/2024

13/12/2024

CVE-2024-11948: GFI Archiver Telerik Web UI Remote Code Execution Vulnerability

First published: Wed Dec 11 2024(Updated: )

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.

Credit: zdi-disclosures@trendmicro.com

Affected Software	Affected Version	How to fix
GFI Archiver
GFI Archiver	<15.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-11948?
CVE-2024-11948 has been classified as a critical vulnerability due to its ability to allow remote code execution without authentication.
How do I fix CVE-2024-11948?
To mitigate CVE-2024-11948, ensure that you update to the latest version of GFI Archiver that addresses this vulnerability.
What is the impact of CVE-2024-11948 on GFI Archiver installations?
CVE-2024-11948 allows attackers to execute arbitrary code on affected GFI Archiver installations, posing significant security risks.
Is authentication required to exploit CVE-2024-11948?
No, CVE-2024-11948 can be exploited without any authentication, making it particularly dangerous.
Which versions of GFI Archiver are affected by CVE-2024-11948?
CVE-2024-11948 affects all versions of GFI Archiver prior to version 15.7.

agent/title
agent/first-publish-date
agent/type
agent/weakness
agent/references
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-24-1671
alias/ZDI-CAN-24041
alias/CVE-2024-11948
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/author
agent/event
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/trending
agent/tags
agent/source
vendor/gfi
canonical/gfi archiver

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.