CVE-2024-40895
MEDIUM 6.4
Description
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.
CVE Details
CVSS v3.1 Score: 6.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Attack Vector: NETWORK
Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Published: 7/30/2024
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-78
References
https://jvn.jp/en/jp/JVN26734798/ (vultures@jpcert.or.jp)
https://www.ffri.jp/assets/files/other_docs/20240729.pdf (vultures@jpcert.or.jp)
https://www.skyseaclientview.net/news/240729_01/ (vultures@jpcert.or.jp)
https://www.support.nec.co.jp/View.aspx?id=3140109694 (vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN26734798/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.ffri.jp/assets/files/other_docs/20240729.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://www.skyseaclientview.net/news/240729_01/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.support.nec.co.jp/View.aspx?id=3140109694 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.