← Zuruck zu CVEs
CVE-2024-47901
CRITICAL10.0
Beschreibung
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
CVE Details
CVSS v3.1 Bewertung10.0
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/23/2024
Zuletzt geandert10/30/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
siemens:intermesh_7177_hybrid_2.0_subscribersiemens:intermesh_7707_fire_subscribersiemens:intermesh_7707_fire_subscriber_firmware
Schwachen (CWE)
CWE-78
Referenzen
https://cert-portal.siemens.com/productcert/html/ssa-333468.html(productcert@siemens.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.