CVE-2024-51550
CRITICAL
ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series <3.08.02 <3 - Data Validation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-51550.
AI-analyzed exploit summary: The exploit demonstrates a blind command injection vulnerability in ABB Cylon Aspect's bbmdUpdate.php. It leverages unsanitized POST parameters (e.g., hexMask2, NAThexMask2) to inject shell commands (e.g., 'sleep 17') via authenticated HTTP requests.
Description
Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L