CVE-2024-41199

HIGH

Ocuco Innovation JOBMANAGER.EXE 2.10.24.16 - Unauthenticated Privilege Escalation via Crafted TCP Packet

Title source: llm

Description

An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

References (2)

Core 2

Core References

Permissions Required

https://drive.google.com/file/d/1dVvH9l0gKRK0OPcF6_8yTLPsARKFqWqB/view?usp=drive_link

Exploit

https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md

Scores

CVSS v3 7.2

EPSS 0.0049

EPSS Percentile 38.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-269 CWE-287

Status published

Products (1)

ocuco/innovation 2.10.24.16

Published May 22, 2025

Tracked Since Feb 18, 2026