CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250411-taegis-agent-lpe	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:sophos:taegis_endpoint_agent:*:*:*:*:*:linux:*:*

cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*

History

07 May 2025, 16:34

Type	Values Removed	Values Added
First Time		Sophos taegis Endpoint Agent Debian debian Linux Sophos Debian
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:debian:debian_linux:-:::::::* cpe:2.3:a:sophos:taegis_endpoint_agent::::::linux::*
References	~~() https://www.sophos.com/en-us/security-advisories/sophos-sa-20250411-taegis-agent-lpe -~~	() https://www.sophos.com/en-us/security-advisories/sophos-sa-20250411-taegis-agent-lpe - Vendor Advisory
CWE		CWE-94

11 Apr 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-11 13:15

Updated : 2025-05-07 16:34

NVD link : CVE-2024-13861

Mitre link : CVE-2024-13861

JSON object : View

Products Affected

debian

debian_linux

sophos

taegis_endpoint_agent

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

7.8 /10