From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability 2. Vulnerability IDs: - ZDI-24-1230 - ZDI-CAN-24160 3. CVE ID: CVE-2024-8806 4. CVSS Score: 9.8 5. Affected Vendor: Cohesive Networks 6. Affected Product: VNS3 7. Vulnerability Details: - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Cohesive Networks VNS3 installations. - The vulnerability can be exploited without authentication. - The issue resides in a web service that listens on the default TCP port 8000, which does not properly validate user-supplied strings, leading to their use in system calls. - Attackers can leverage this vulnerability to execute code with root privileges. 8. Additional Details: - Cohesive Networks has released updates to fix this vulnerability. - More details are available at: https://cohesive.net/support/security-responses/ 9. Disclosure Timeline: - 2024-07-24: Vulnerability reported to vendor - 2024-09-17: Coordinated public disclosure of vulnerability advisory - 2024-09-17: Advisory update published 10. Credit: - Mehmet INCE (@mdisec) from PRODAFT This information provides a detailed description of the vulnerability, including its severity, affected systems and vendors, exploitation conditions, and vendor response measures.