From 751764767ef600163d0e15e533c77afc52186c20 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 4 Jun 2024 02:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/29xxx/CVE-2024-29972.json | 94 ++++++++++++++++++++++++++++++++--
2024/29xxx/CVE-2024-29973.json | 94 ++++++++++++++++++++++++++++++++--
2024/29xxx/CVE-2024-29974.json | 94 ++++++++++++++++++++++++++++++++--
2024/29xxx/CVE-2024-29975.json | 94 ++++++++++++++++++++++++++++++++--
2024/29xxx/CVE-2024-29976.json | 94 ++++++++++++++++++++++++++++++++--
2024/3xxx/CVE-2024-3802.json | 82 +----------------------------
6 files changed, 452 insertions(+), 100 deletions(-)
diff --git a/2024/29xxx/CVE-2024-29972.json b/2024/29xxx/CVE-2024-29972.json
index 734e4ab6cfa..0f15dfff7fb 100644
--- a/2024/29xxx/CVE-2024-29972.json
+++ b/2024/29xxx/CVE-2024-29972.json
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zyxel.com.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0\u00a0could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "NAS326 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(AAZF.17)C0" + } + ] + } + }, + { + "product_name": "NAS542 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(ABAG.14)C0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", + "refsource": "MISC", + "name": 
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024" + }, + { + "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", + "refsource": "MISC", + "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29973.json b/2024/29xxx/CVE-2024-29973.json index 8683130a8bc..859c90ae454 100644 --- a/2024/29xxx/CVE-2024-29973.json +++ b/2024/29xxx/CVE-2024-29973.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zyxel.com.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "NAS326 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(AAZF.17)C0" + } + ] + } + }, + { + "product_name": "NAS542 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(ABAG.14)C0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", + "refsource": "MISC", + "name": 
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024" + }, + { + "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", + "refsource": "MISC", + "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29974.json b/2024/29xxx/CVE-2024-29974.json index 1ba78283661..d97a84f128f 100644 --- a/2024/29xxx/CVE-2024-29974.json +++ b/2024/29xxx/CVE-2024-29974.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zyxel.com.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **\nThe remote code execution vulnerability in the CGI program \u201cfile_upload-cgi\u201d in Zyxel NAS326 firmware versions before\u00a0V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "NAS326 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(AAZF.17)C0" + } + ] + } + }, + { + "product_name": "NAS542 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(ABAG.14)C0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", + "refsource": "MISC", + "name": 
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024" + }, + { + "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", + "refsource": "MISC", + "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29975.json b/2024/29xxx/CVE-2024-29975.json index 0386aab36b0..51c34d2b087 100644 --- a/2024/29xxx/CVE-2024-29975.json +++ b/2024/29xxx/CVE-2024-29975.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29975", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zyxel.com.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "NAS326 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(AAZF.17)C0" + } + ] + } + }, + { + "product_name": "NAS542 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(ABAG.14)C0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", + "refsource": "MISC", + "name": 
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024" + }, + { + "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", + "refsource": "MISC", + "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29976.json b/2024/29xxx/CVE-2024-29976.json index da2ae551f66..ad13cef5c1b 100644 --- a/2024/29xxx/CVE-2024-29976.json +++ b/2024/29xxx/CVE-2024-29976.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zyxel.com.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the command \u201cshow_allsessions\u201d in Zyxel NAS326 firmware versions before\u00a0V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0\u00a0could allow an authenticated attacker to obtain a logged-in administrator\u2019s session information containing cookies on an affected device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "NAS326 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(AAZF.17)C0" + } + ] + } + }, + { + "product_name": "NAS542 firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< V5.21(ABAG.14)C0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", + "refsource": "MISC", + "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024" + }, + { + "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", + "refsource": "MISC", + "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3802.json b/2024/3xxx/CVE-2024-3802.json index fc357424862..53817b67ece 100644 --- a/2024/3xxx/CVE-2024-3802.json +++ b/2024/3xxx/CVE-2024-3802.json 
@@ -5,91 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2024-3802", "ASSIGNER": "report@directcyber.com.au", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauthenticated local attacker.\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-1263", - "cweId": "CWE-1263" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Celeste", - "product": { - "product_data": [ - { - "product_name": "Celeste", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "status": "affected", - "version": "22.x" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3802", - "refsource": "MISC", - "name": "https://nvd.nist.gov/vuln/detail/CVE-2024-3802" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "PHYSICAL", - "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:H", - "version": "3.1" + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] }