CVE-2024-49400

Summary

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

Affected Software

VendorProductVersion RangeStatus
MetaTacquito0 < 07b49d1358e6ec0b5aa482fcd284f509191119e2affected

Weaknesses

  • Permissive Regular Expression (CWE-625)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References