nvd-json-data-feeds/CVE-2024/CVE-2024-370xx/CVE-2024-37023.json

{
  "id": "CVE-2024-37023",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2024-08-12T13:38:22.837",
  "lastModified": "2024-08-12T13:41:36.517",
  "vulnStatus": "Undergoing Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de varios par\u00e1metros de endpoint."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "HIGH",
          "vulnerableSystemAvailability": "HIGH",
          "subsequentSystemConfidentiality": "HIGH",
          "subsequentSystemIntegrity": "HIGH",
          "subsequentSystemAvailability": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08",
      "source": "ics-cert@hq.dhs.gov"
    }
  ]
}
Auto-Update: 2024-08-12T14:00:18.173280+00:00 2024-08-12 14:03:14 +00:00			`{`
			`"id": "CVE-2024-37023",`
			`"sourceIdentifier": "ics-cert@hq.dhs.gov",`
			`"published": "2024-08-12T13:38:22.837",`
			`"lastModified": "2024-08-12T13:41:36.517",`
Auto-Update: 2024-08-18T02:00:17.097301+00:00 2024-08-18 02:03:12 +00:00			`"vulnStatus": "Undergoing Analysis",`
Auto-Update: 2024-08-12T14:00:18.173280+00:00 2024-08-12 14:03:14 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters."`
Auto-Update: 2024-08-18T02:00:17.097301+00:00 2024-08-18 02:03:12 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo que afectan a los rel\u00e9s de puente wifi industriales y a los repetidores de puente wifi de Vonets, versiones de software 3.3.23.6.9 y anteriores, permiten a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de varios par\u00e1metros de endpoint."`
Auto-Update: 2024-08-12T14:00:18.173280+00:00 2024-08-12 14:03:14 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV40": [`
			`{`
			`"source": "ics-cert@hq.dhs.gov",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
			`"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"attackRequirements": "NONE",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"vulnerableSystemConfidentiality": "HIGH",`
			`"vulnerableSystemIntegrity": "HIGH",`
			`"vulnerableSystemAvailability": "HIGH",`
			`"subsequentSystemConfidentiality": "HIGH",`
			`"subsequentSystemIntegrity": "HIGH",`
			`"subsequentSystemAvailability": "HIGH",`
			`"exploitMaturity": "NOT_DEFINED",`
			`"confidentialityRequirements": "NOT_DEFINED",`
			`"integrityRequirements": "NOT_DEFINED",`
			`"availabilityRequirements": "NOT_DEFINED",`
			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
			`"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",`
			`"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",`
			`"modifiedVulnerableSystemAvailability": "NOT_DEFINED",`
			`"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",`
			`"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",`
			`"modifiedSubsequentSystemAvailability": "NOT_DEFINED",`
			`"safety": "NOT_DEFINED",`
			`"automatable": "NOT_DEFINED",`
			`"recovery": "NOT_DEFINED",`
			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
			`"providerUrgency": "NOT_DEFINED",`
			`"baseScore": 9.4,`
			`"baseSeverity": "CRITICAL"`
			`}`
			`}`
			`],`
			`"cvssMetricV31": [`
			`{`
			`"source": "ics-cert@hq.dhs.gov",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.1,`
			`"baseSeverity": "CRITICAL"`
			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 6.0`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "ics-cert@hq.dhs.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-77"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08",`
			`"source": "ics-cert@hq.dhs.gov"`
			`}`
			`]`
			`}`