CVE-2024-44598 – FNT Command 13.4.0 contains a vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2024-44598?

CVE-2024-44598 has a CVSS score of 8.8 (HIGH). FNT Command 13.4.0 contains a vulnerability in its C Base Module that allows remote code execution. Attackers can upload malicious files to execute arbitrary code on affected systems. Organizations using FNT Command 13.4.0 for infrastructure management are affected.

📋 TL;DR

FNT Command 13.4.0 contains a vulnerability in its C Base Module that allows remote code execution. Attackers can upload malicious files to execute arbitrary code on affected systems. Organizations using FNT Command 13.4.0 for infrastructure management are affected.

💻 Affected Systems

Products:

FNT Command

Versions: 13.4.0

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The C Base Module is a core component of FNT Command used for infrastructure management.

📦 What is this software?

Fnt Command by Fntsoftware

View all CVEs affecting Fnt Command →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, deploy ransomware, or pivot to other network systems.

🟠

Likely Case

Attackers gain initial foothold on the server, install backdoors, exfiltrate configuration data, and potentially compromise connected infrastructure management systems.

🟢

If Mitigated

Attack is blocked at network perimeter or detected before code execution, limiting impact to failed exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept available on GitHub demonstrates file upload leading to code execution. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://fnt.com

Restart Required: No

Instructions:

1. Contact FNT Software for patch availability 2. Apply vendor-provided patch 3. Verify patch installation 4. Restart services if required

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to FNT Command to trusted networks only

Web Application Firewall Rules

all

Block file upload requests to C Base Module endpoints

🧯 If You Can't Patch

Isolate FNT Command server from internet and restrict internal access
Implement strict file upload validation and monitoring for the C Base Module

🔍 How to Verify

Check if Vulnerable:

Check FNT Command version via web interface or configuration files. Version 13.4.0 is vulnerable.

Check Version:

Check web interface or consult FNT Command documentation for version check procedure

Verify Fix Applied:

Verify version is updated beyond 13.4.0 or test file upload functionality to C Base Module endpoints.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to C Base Module endpoints
Suspicious process execution from web server context
Unexpected network connections from FNT Command server

Network Indicators:

HTTP POST requests to C Base Module file upload endpoints
Outbound connections from FNT Command server to unknown external IPs

SIEM Query:

source="fnt-command" AND (url="*c-base*" AND method="POST") OR process="cmd.exe" OR process="powershell.exe"

📊 Metadata

CVE ID: CVE-2024-44598

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

EPSS Score: 0.08% exploit probability (23.8th percentile)

Published: December 15, 2025

Last Updated: December 23, 2025

🔗 References

http://fnt.com Not Applicable
https://gist.github.com/ZeroBreach-GmbH/e957dc32e72b366894565b7ff03659a4 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-44598, you might also want to check these: