Vulnerability Details CVE-2024-38288
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.327
EPSS Ranking 96.7%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2024-38288
-
cpe:2.3:a:rhubcom:turbomeeting:-
-
cpe:2.3:a:rhubcom:turbomeeting:3.2
-
cpe:2.3:a:rhubcom:turbomeeting:3.2.1
-
cpe:2.3:a:rhubcom:turbomeeting:3.3
-
cpe:2.3:a:rhubcom:turbomeeting:3.4
-
cpe:2.3:a:rhubcom:turbomeeting:3.4.1
-
cpe:2.3:a:rhubcom:turbomeeting:3.4.2
-
cpe:2.3:a:rhubcom:turbomeeting:4.0
-
cpe:2.3:a:rhubcom:turbomeeting:4.1
-
cpe:2.3:a:rhubcom:turbomeeting:4.2
-
cpe:2.3:a:rhubcom:turbomeeting:4.3
-
cpe:2.3:a:rhubcom:turbomeeting:4.4
-
cpe:2.3:a:rhubcom:turbomeeting:5.0
-
cpe:2.3:a:rhubcom:turbomeeting:5.1
-
cpe:2.3:a:rhubcom:turbomeeting:6.0
-
cpe:2.3:a:rhubcom:turbomeeting:6.1
-
cpe:2.3:a:rhubcom:turbomeeting:7.0.2