admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-244xx/CVE-2025-24494.json
cad-safe-bot 7ab230f046 Auto-Update: 2025-03-16T03:00:19.723046+00:00
2025-03-16 03:03:50 +00:00

116 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-24494",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-03-05T16:15:38.937",
"lastModified": "2025-03-05T16:15:38.937",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal may allow remote code execution using privileged account \n(requires device admin account, cannot be performed by a regular user). \nIn combination with the 'Upload' functionality this could be used to \nexecute an arbitrary script or possibly an uploaded binary. Remediation \nin Version 6.7.0, release date: 20-Oct-24."
},
{
"lang": "es",
"value": "El path traversal puede permitir la ejecuci\u00f3n remota de c\u00f3digo mediante una cuenta privilegiada (requiere una cuenta de administrador del dispositivo, no puede ser realizada por un usuario normal). En combinaci\u00f3n con la funci\u00f3n \"Cargar\", esto podr\u00eda usarse para ejecutar un script arbitrario o posiblemente un binario cargado. Soluci\u00f3n en la versi\u00f3n 6.7.0, fecha de lanzamiento: 20 de octubre de 2024."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://support.ixiacom.com/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.keysight.com/us/en/contact.html",
"source": "ics-cert@hq.dhs.gov"
}
]
}
Reference in New Issue View Git Blame Copy Permalink