CVE-2024-48990

HIGH

CVSS v3

7.8

HIGH

EPSS Score

19.8%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.

Technical Details

Published
11/19/2024

Frequently Asked Questions

What is CVE-2024-48990?

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.

Is CVE-2024-48990 actively exploited?

Active exploitation of CVE-2024-48990 has not been confirmed. The EPSS score is 19.8%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-48990?

CVE-2024-48990 has a CVSS v3 base score of 7.8 (HIGH severity).

Is CVE-2024-48990 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.