A vulnerabilit has been identified in the FNT Command Software allowing an authenticated attacker to execute arbitrary commands on the system.

Details

• Product: FNT Command
• Affected Versions: <= 13.4.0
• Vulnerability Type: CWE-434: Unrestrictted Upload of File with Dangerous Type
• Risk Level: High
• Vendor URL: https://www.fntsoftware.com/
• Vendor acknowledged vulnerability: Yes
• Vendor Status: Fixed
• CVE: CVE-2024-44598

Impact

The FNT Command Software does not properly check uploaded files. In consequence of missing file checks, an authenticated attacker is able to upload arbitrary files to execute commands on the system.

References

• National Vulnerability Database CVE-2024-44598

Timeline

• 2024-09: Vulnerability reported to the vendor.
• 2024-10: Vendor published a fix for the issue.
• 2025-04: Information about the vulnerability is published.

Credits

• Bastian Recktenwald (Bastian.Recktenwald@ZeroBreach.de)