cvelist/2024/37xxx/CVE-2024-37023.json
2024-08-08 20:00:35 +00:00


{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-37023",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vonets",
"product": {
"product_data": [
{
"product_name": "VAR1200-H",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAR1200-L",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAR600-H",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11AC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11G-500S",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VBG1200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11S-5G",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11S",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAR11N-300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11G-300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11N-300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11G",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VAP11G-500",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
},
{
"product_name": "VGA-1000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.3.23.6.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact <a target=\"_blank\" rel=\"nofollow\" href=\"mailto:support@vonets.com\">Vonets support</a> for additional information.<br>"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Vonets support (support@vonets.com) for additional information."
}
],
"credits": [
{
"lang": "en",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}