admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-228xx/CVE-2024-22894.json
cad-safe-bot 7e1f66661e Auto-Update: 2024-03-05T23:00:26.286741+00:00
2024-03-05 23:00:30 +00:00

157 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-22894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T10:15:09.833",
"lastModified": "2024-03-05T21:15:07.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file."
},
{
"lang": "es",
"value": "Un problema en AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 y Novelan Heatpumps wp2reg-V.3.88.0-9015 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente de contrase\u00f1a en el archivo sombra."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.88.3",
"matchCriteriaId": "0748DE3E-9C10-4E55-9CE2-2FC142C70AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.89.0",
"matchCriteriaId": "1AB21F68-A56D-44F4-9E8F-35FE4F633276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.81.3",
"matchCriteriaId": "AF001062-843A-48C0-BBB1-39EF0169FF04"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alpha-innotec:heat_pumps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D87D8C1B-B1F7-4FC4-B857-5BEEA2A8C74F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.88.3",
"matchCriteriaId": "DDDB466A-0CC1-4C7B-914A-BEC7A3AFA835"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.89.0",
"matchCriteriaId": "F60C4875-FB5D-41A8-8FCC-EEF050BDE9A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.81.3",
"matchCriteriaId": "9DFEEE56-A799-4CCD-A33B-83A0177FCF71"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:novelan:heat_pumps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BCEF4F-B08E-4776-94D9-EABA4F3BE412"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Jaarden/CVE-2024-22894",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink