← Voltar para CVEs
CVE-2024-47901
CRITICAL10.0
Descricao
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/23/2024
Ultima modificacao10/30/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
siemens:intermesh_7177_hybrid_2.0_subscribersiemens:intermesh_7707_fire_subscribersiemens:intermesh_7707_fire_subscriber_firmware
Fraquezas (CWE)
CWE-78
Referencias
https://cert-portal.siemens.com/productcert/html/ssa-333468.html(productcert@siemens.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.