CVE-2024-55030
Published: 25 March 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2024-55030 is a command injection vulnerability (CWE-77) in the Command Dispatcher Service of NASA Fprime version 3.4.3. It enables attackers to execute arbitrary commands on affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), reflecting its network accessibility (AV:N), low attack complexity (AC:L), lack of required privileges or user interaction (PR:N/UI:N), and unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
The vulnerability can be exploited by unauthenticated attackers over the network. Successful exploitation grants remote code execution, allowing full control over the affected Fprime instance, including potential data exfiltration, system modification, or disruption of operations.
Advisories detailing the issue, including potential mitigations, are available from Vision Space at https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3/.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection vulnerability enables remote arbitrary command execution on a network-accessible service (T1190: Exploit Public-Facing Application) and directly facilitates OS command execution (T1059: Command and Scripting Interpreter).