Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities

Operating system (OS) command injection vulnerabilities are a preventable class of vulnerability in software products. Software manufacturers can eliminate them at the source by taking a secure by design approach. Despite this fact, OS command injection vulnerabilities continue to surface, allowing adversaries to exploit them to cause harm. CISA and FBI are releasing this Secure by Design Alert in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887) to target and compromise users. These vulnerabilities allowed unauthenticated malicious actors to remotely execute code on network edge devices.
