Reading: CVE Advisories — English for Security Engineers
Practice reading CVE (Common Vulnerabilities and Exposures) advisories. Learn CVSS score interpretation, affected version ranges, and workaround language.
CVE-2024-31337 — Read the advisory, then answer the questions below.
A deserialization vulnerability exists in the ImportConfig endpoint of Acme WebAdmin versions 3.0.0 through 3.4.2. An authenticated attacker with low privileges can craft a malicious payload that, when processed by the affected endpoint, results in arbitrary code execution on the host. This vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High), with the vector string AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Acme has released a fix in version 3.4.3. Until patching is possible, administrators are advised to disable the ImportConfig endpoint as a temporary workaround. No public exploit is known at the time of publication.
Question 1 of 5