
{
"id": "CVE-2024-12356",
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"published": "2024-12-17T05:15:06.413",
"lastModified": "2024-12-20T15:25:37.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad cr\u00edtica en los productos Privileged Remote Access (PRA) y Remote Support (RS) que puede permitir que un atacante no autenticado inyecte comandos que se ejecutan como un usuario del sitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"cisaExploitAdd": "2024-12-19",
"cisaActionDue": "2024-12-27",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ",
"weaknesses": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.1",
"matchCriteriaId": "D402E4B5-D3EA-4AD1-8954-92FB6A873906"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.1",
"matchCriteriaId": "AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8"
}
]
}
]
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356",
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10",
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12356",
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}