CVE-2024-50704
Published: 04 March 2025
Summary
CVE-2024-50704 is a critical-severity Code Injection (CWE-94) vulnerability in Uniguest Tripleplay. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-50704 is an unauthenticated remote code execution vulnerability affecting Uniguest Tripleplay versions prior to 24.2.1. It is tracked under CWE-94 and carries a CVSS 3.1 base score of 10.0 reflecting network attack vector, low complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability within a changed scope.
Remote attackers can exploit the flaw by sending a specially crafted HTTP POST request to an exposed Tripleplay instance, resulting in arbitrary code execution on the target system without any authentication.
Uniguest has published mitigation guidance in its CVE bulletins and a dedicated vulnerability summary document available at the referenced URLs.
The associated EPSS score rose from a low baseline to a peak of 0.0832 on 2026-04-18 before receding to the current value of 0.0449, indicating that exploitation interest emerged after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54225
Vulnerability details
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
- CWE(s): CWE-94 (Code Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated RCE in a public-facing application via a crafted HTTP request maps directly to T1190 Exploit Public-Facing Application for initial access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the unauthenticated RCE vulnerability by requiring timely patching to Uniguest Tripleplay version 24.2.1 or later.
Validates and sanitizes specially crafted HTTP POST requests to prevent arbitrary code execution.
Limits permitted actions without authentication to exclude capabilities that enable remote code execution via HTTP POST.