CVE-2024-4299

7.2 HIGH

📋 TL;DR

This CVE allows remote attackers with administrative privileges to execute arbitrary system commands on HGiga iSherlock products through command injection in the system configuration interface. The vulnerability affects MailSherlock, SpamSherlock, and AuditSherlock products. Attackers can gain full control of affected systems.

💻 Affected Systems

Products:
  • HGiga iSherlock
  • MailSherlock
  • SpamSherlock
  • AuditSherlock
Versions: Specific versions not specified in provided references
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative privileges to exploit. All configurations with the vulnerable interface are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, install malware, exfiltrate data, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Attackers with administrative access exploit the vulnerability to execute commands, potentially installing backdoors, stealing sensitive data, or disrupting services.

🟢 If Mitigated

With proper network segmentation and administrative access controls, impact is limited to the affected system only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative credentials but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-7771-36c50-1.html

Restart Required: Yes

Instructions:

1. Contact HGiga for security patches.
2. Apply patches to all affected systems.
3. Restart services as required.
4. Verify patch application.

🔧 Temporary Workarounds

Restrict Administrative Access (applies to: all)

Limit administrative access to the configuration interface to only trusted IP addresses and users.

Network Segmentation (applies to: all)

Isolate affected systems in separate network segments to limit lateral movement.

🧯 If You Can't Patch

  • Implement strict network access controls to limit administrative interface access to only necessary IPs.
  • Monitor for suspicious command execution patterns and administrative access attempts.

🔍 How to Verify

Check if Vulnerable:

Check whether the system is running an affected HGiga iSherlock product and whether its administrative interface is exposed.

Check Version:

Check the product version through the administrative interface or the vendor documentation.

Verify Fix Applied:

Confirm the patched version with the vendor and test that command injection attempts against the configuration interface are properly filtered.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Multiple failed administrative login attempts followed by successful login
  • Suspicious system commands in application logs

Network Indicators:

  • Unusual outbound connections from affected systems
  • Traffic to known malicious IPs

SIEM Query:

source="*iSherlock*" AND (event="command_execution" OR event="admin_login")
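As an added example (not from the advisory or the vendor), the log indicators above turned into a small detector: it flags a burst of failed admin logins followed by a success from the same source, and configuration updates whose value carries shell metacharacters. The key=value log line format, field names and addresses are constructed assumptions; iSherlock's real log format is not given on this page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical key=value format (not the product's real format).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 event=admin_login result=fail user=admin
2024-05-01T10:00:03Z src=203.0.113.5 event=admin_login result=fail user=admin
2024-05-01T10:00:05Z src=203.0.113.5 event=admin_login result=fail user=admin
2024-05-01T10:00:09Z src=203.0.113.5 event=admin_login result=success user=admin
2024-05-01T10:01:00Z src=203.0.113.5 event=config_update field=ntp_server value="pool.ntp.org; id"
2024-05-01T11:00:00Z src=198.51.100.7 event=admin_login result=success user=admin
2024-05-01T11:00:30Z src=198.51.100.7 event=config_update field=ntp_server value="pool.ntp.org"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) (?P<rest>.*)$')
# Characters that have no place in a hostname, address or path supplied through a config form.
SHELL_META = re.compile(r'[;|&`$]')

def parse(line):
    """Parse one constructed log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', rec.pop("rest")):
        rec[key] = val.strip('"')
    return rec

def find_alerts(log_text, fail_threshold=3, window=timedelta(minutes=5)):
    """Return (rule, source, detail) tuples for the two indicators described in the advisory."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failed admin logins not yet followed by a success
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, ts = rec["src"], rec["ts"]
        if rec["event"] == "admin_login":
            if rec.get("result") == "fail":
                failures[src].append(ts)
            elif rec.get("result") == "success":
                recent = [t for t in failures[src] if ts - t <= window]
                if len(recent) >= fail_threshold:
                    alerts.append(("brute_force_then_success", src, len(recent)))
                failures[src].clear()
        elif rec["event"] == "config_update" and SHELL_META.search(rec.get("value", "")):
            alerts.append(("shell_metachar_in_config", src, rec.get("field", "")))
    return alerts
```

Tune `fail_threshold` and `window` to the normal admin login pattern of your deployment before alerting on it.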
