CVE-2024-24621
Severity: Critical
Published: 25 July 2024
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2024-24621 is a critical-severity Incorrect Comparison (CWE-697) vulnerability in Softaculous Webuzo. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks at the 16.0th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-22022
Vulnerability details
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
- CWE(s): CWE-697 (Incorrect Comparison)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- softaculous webuzo, versions ≤ 4.2.9
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.