PatchSiren cyber security CVE debrief
CVE-2024-9441 Nice CVE debrief
CVE-2024-9441 affects Nice Linear eMerge E3 systems through version 1.00-07 and is rated critical (CVSS 9.8). According to the CISA CSAF advisory, a remote, unauthenticated attacker can execute arbitrary OS commands by abusing the login_id parameter of the forgot_password HTTP functionality. The advisory was first published on 2025-04-24 and revised on 2025-05-06 for typo fixes. In the advisory, Nice did not indicate whether or when a patch would be developed, so organizations should prioritize exposure reduction and vendor monitoring immediately.
- Vendor: Nice
- Product: Linear eMerge E3
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-24
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-24
- Advisory updated: 2025-05-06
Who should care
Security and operations teams responsible for Nice Linear eMerge E3 deployments, especially facilities, physical access control, OT/ICS, and network teams. This is most urgent for devices that are reachable over HTTP, exposed beyond a trusted management network, or managed by third parties.
Technical summary
CISA’s CSAF advisory ICSA-25-114-04 identifies an OS command injection issue in Nice Linear eMerge E3 through 1.00-07. The issue is reachable over HTTP through the forgot_password function, where the login_id parameter can be abused by an unauthenticated remote attacker to trigger arbitrary OS command execution. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting high impact and no authentication or user interaction requirements. The advisory does not state a vendor patch timeline, and instead emphasizes network isolation and other defensive controls.
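As an added illustration (not from the advisory or from Nice), the following Python snippet scans web-server access-log lines for requests to the forgot_password function whose login_id value carries shell metacharacters, the kind of triage check a defender can run against proxy or device logs while exposed units await a fix. It assumes combined-format access logs and that the function's URL path contains forgot_password; neither detail is documented in the advisory, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Shell metacharacters that have no business in a login identifier.
# Their presence in login_id on the forgot_password endpoint is the
# signal worth alerting on (the advisory names that parameter/function).
SHELL_META = re.compile(r"[;|&`$\n\r]")

# Assumption: the device, or a reverse proxy in front of it, writes
# Apache/NGINX-style combined access logs. This field layout is an
# assumption, not something the advisory documents.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def inspect_line(line):
    """Return a finding dict if the line looks like a command-injection
    attempt against forgot_password, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # The advisory names the function, not an exact path; match loosely.
    if "forgot_password" not in parts.path.lower():
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("login_id", []):
        decoded = unquote_plus(value)  # also catches double-encoded input
        if SHELL_META.search(decoded):
            return {"src": m.group("src"), "ts": m.group("ts"),
                    "status": m.group("status"), "login_id": decoded}
    return None

def scan(lines):
    """Run inspect_line over an iterable of log lines; return findings."""
    return [f for f in (inspect_line(l) for l in lines) if f]

# Constructed sample lines (not real traffic); only the third is suspicious.
# Note that POST bodies are not in access logs, so a body-carried login_id
# needs a proxy or WAF that records request bodies.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Apr/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.5 - - [24/Apr/2025:10:01:09 +0000] "POST /forgot_password HTTP/1.1" 200 310
203.0.113.7 - - [24/Apr/2025:10:02:15 +0000] "GET /forgot_password?login_id=admin%3B%20echo%20test HTTP/1.1" 200 310
""".splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```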
Defensive priority
Urgent. Because the flaw is network-reachable, unauthenticated, and allows arbitrary command execution on an access-control/OT device, exposed instances should be treated as high risk and isolated immediately until mitigations are in place.
Recommended defensive actions
- Inventory all Nice Linear eMerge E3 devices and confirm whether any are running version 1.00-07 or earlier.
- Minimize network exposure of the devices and ensure they are not accessible from the internet.
- Place the devices behind firewalls and isolate them from other networks.
- If remote access is required, use secure methods such as a VPN and keep VPN software up to date.
- Change default credentials on the device.
- Change the device’s default IP address where applicable.
- Review Nice’s E3-Bulletin and related Telephone Entry Bulletin for the latest product security guidance.
- Contact Nice for vendor guidance and monitor for a fixed release or further advisory updates.
Evidence notes
All substantive claims are grounded in the supplied CISA CSAF source item for ICSA-25-114-04 and its cited remediation text. The advisory states that Linear eMerge e3-Series through version 1.00-07 is vulnerable to OS command injection via the login_id parameter in forgot_password over HTTP, and that the issue is exploitable by remote, unauthenticated attackers. The source item shows initial publication on 2025-04-24 and a revision on 2025-05-06 with typo fixes only. The supplier notes do not provide a patch date, and the remediation section emphasizes exposure reduction and defensive controls.
Official resources
- CVE-2024-9441 CVE record (CVE.org)
- CVE-2024-9441 NVD detail (NVD)
- Source item: cisa_csaf
CISA first published ICSA-25-114-04 / CVE-2024-9441 on 2025-04-24 and revised it on 2025-05-06 for typo corrections. No KEV listing was provided in the supplied enrichment, and the advisory does not specify a patch release timeline.