CVE-2024-44598
Published: 15 December 2025
Description
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the code execution vulnerability by requiring timely identification, reporting, and correction of flaws in FNT Command's C Base Module.
Prevents exploitation of the CWE-434 unrestricted upload leading to code execution by enforcing validation of all inputs to the C Base Module.
Limits the impact of low-privilege (PR:L) exploitation by ensuring accounts have only necessary privileges, reducing potential damage from arbitrary code execution.
Security Summary
CVE-2024-44598 is a code execution vulnerability in FNT Command version 13.4.0, specifically via the C Base Module. Published on 2025-12-15, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-434.
The vulnerability can be exploited over the network by an attacker with low privileges, with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, enabling arbitrary code execution on the affected system.
Advisories and further details are available from the vendor at http://fnt.com and a technical analysis gist by ZeroBreach-GmbH at https://gist.github.com/ZeroBreach-GmbH/e957dc32e72b366894565b7ff03659a4.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-44598 enables remote code execution over the network with low privileges (PR:L), directly facilitating Exploitation of Remote Services (T1210) for lateral movement and Exploitation for Privilege Escalation (T1068) due to high-impact confidentiality, integrity, and availability effects.