CVE-2024-12970

LOW

TUBITAK BILGEM Pardus OS My Computer <0.7.2 - Code Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus OS My Computer: before 0.7.2.

Exploits (1)

nomisec WRITEUP

by osmancanvural · poc

https://github.com/osmancanvural/CVE-2024-12970

View Code ZIP pw:eip

References (1)

[Third Party Advisory, US Government Resource] https://www.usom.gov.tr/bildirim/tr-24-1900

Scores

CVSS v3 3.9

EPSS 0.0198

EPSS Percentile 83.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (1)

TUBITAK BILGEM/Pardus OS My Computer < 0.7.2

Published Jan 06, 2025

Tracked Since Feb 18, 2026