CVE-2024-44722
Received Received - Intake
Command Injection in SysAK v2.0 Allows Remote Code Execution

Publication date: 2026-03-20

Last updated on: 2026-04-14

Assigner: MITRE

Description
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-15
NVD
CVE-2024-44722
EUVD
EUVD-2024-55479
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anolis sysak to 2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-44722 affects SysAK versions up to and including 2.0. The vulnerability is a command execution flaw that allows an attacker to execute arbitrary commands on the affected system.

Specifically, the exploit involves injecting commands such as `aaa;cat /etc/passwd`, which demonstrates the ability to execute shell commands and potentially access sensitive system files like `/etc/passwd`.

This indicates improper input validation or sanitization in SysAK versions 2.0 and earlier, leading to remote or local command injection risks.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on your system, potentially leading to unauthorized access and control.

By exploiting this flaw, an attacker could read sensitive files such as `/etc/passwd`, which may contain user account information.

Such unauthorized command execution could lead to system compromise, data leakage, privilege escalation, or disruption of normal operations.

Compliance Impact

I don't know

Detection Guidance

The vulnerability in SysAK v2.0 and earlier allows command execution via injection such as `aaa;cat /etc/passwd`. Detection can involve testing for command injection by attempting to inject commands in input fields or interfaces that accept commands.

A practical detection method is to try executing a command injection test like `aaa;cat /etc/passwd` on the SysAK interface or command input points to see if the system executes the injected command and returns the contents of the /etc/passwd file.

  • Use command injection test payloads such as `aaa;cat /etc/passwd` in SysAK input fields.
  • Monitor system logs for unexpected command executions or access to sensitive files like /etc/passwd.
Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-44722. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart