CVE-2024-41783
Published: 19 January 2025
Description
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.
Security Summary
CVE-2024-41783 is a command injection vulnerability (CWE-77) in IBM Sterling Secure Proxy versions 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0. The flaw stems from improper validation of a specified type of input, enabling a privileged user to inject commands into the underlying operating system. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility and potential for severe impacts.
A high-privileged user (PR:H), i.e. one who already holds administrative-level access to the product, can exploit the vulnerability remotely over the network (AV:N) with low complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation allows the attacker to achieve high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) across a changed scope (S:C), meaning the impact reaches beyond the proxy application itself to the underlying host, potentially resulting in arbitrary command execution on the host operating system.
IBM has published a security bulletin detailing the vulnerability and recommended mitigations at https://www.ibm.com/support/pages/node/7176189. Security practitioners should consult this advisory for patch information and remediation steps specific to affected versions.
Details
- CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))