CVE-2024-44598
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-23
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fntsoftware | fnt_command | up to 13.4.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-44598 is a high-severity vulnerability in FNT Command versions up to 13.4.0 that allows authenticated attackers to upload malicious files without proper validation. These files can then be executed on the server with the application's privileges, leading to remote code execution. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to full compromise of the FNT Command instance, including unauthorized data access, modification, and potential lateral movement within the network, which can severely impact system integrity and confidentiality. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2024-44598 involves checking for signs of arbitrary file uploads and execution on FNT Command versions up to 13.4.0. Since the vulnerability requires authentication and involves uploading malicious files, monitoring logs for unusual file upload activity or unexpected file types in upload directories is recommended. Specific commands are not provided in the available resources. [1]
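One way to run the upload-directory check described above, as an added example that is not from the advisory or from the vendor: it flags files whose extension or leading bytes look server-executable, including executable content hidden behind a harmless extension. The directory to scan, the extension list and the byte signatures are assumptions, since the page does not say where FNT Command stores uploads or which file types it can execute.

```python
import os
import sys
import time

# Assumed lists (not from the advisory): tune to what your server can execute.
SUSPECT_EXTENSIONS = {".jsp", ".jspx", ".war", ".php", ".sh", ".pl", ".py", ".exe", ".dll"}
SUSPECT_MAGIC = {
    b"\x7fELF": "ELF binary",
    b"MZ": "Windows PE binary",
    b"#!": "interpreter line (#!)",
    b"<%": "server-side tag (<%)",
    b"<?php": "PHP open tag",
}


def classify(path):
    """Return the reasons a file looks server-executable (empty list if none)."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    if ext in SUSPECT_EXTENSIONS:
        reasons.append(f"extension {ext}")
    with open(path, "rb") as fh:
        head = fh.read(16).lstrip()  # ignore leading whitespace before a tag
    for magic, label in SUSPECT_MAGIC.items():
        if head.startswith(magic):
            reasons.append(f"content: {label}")
    return reasons


def scan_uploads(root, since_epoch=0.0):
    """Walk root; return sorted (path, mtime, reasons) for suspicious files
    modified at or after since_epoch."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                reasons = classify(path) if mtime >= since_epoch else []
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if reasons:
                findings.append((path, mtime, reasons))
    return sorted(findings)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: script.py <upload_dir> [days_back]; both values are site-specific.
    days = float(sys.argv[2]) if len(sys.argv) > 2 else 30.0
    for path, mtime, reasons in scan_uploads(sys.argv[1], time.time() - days * 86400):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path, "; ".join(reasons))
```

Any hit is a lead to correlate with the application's upload and authentication logs, not proof of exploitation.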
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the vendor's fix released in October 2024 for FNT Command. Additionally, restrict authenticated users' ability to upload files, monitor for suspicious file uploads, and consider isolating or limiting access to the affected system until patched. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers to execute arbitrary code on the server, potentially leading to unauthorized data access and modification. This could result in violations of data protection regulations such as GDPR and HIPAA due to compromised confidentiality and integrity of sensitive data. Therefore, organizations using affected versions of FNT Command may face compliance risks if the vulnerability is exploited. [1]