admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-11xx/CVE-2024-1149.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

145 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-1149",
"sourceIdentifier": "security@snowsoftware.com",
"published": "2024-02-08T13:15:09.147",
"lastModified": "2024-02-15T17:52:08.970",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.\n\n"
},
{
"lang": "es",
"value": "Verificaci\u00f3n incorrecta de la vulnerabilidad de firma criptogr\u00e1fica en Snow Software Inventory Agent en MacOS, Snow Software Inventory Agent en Windows y Snow Software Inventory Agent en Linux permite la manipulaci\u00f3n de archivos a trav\u00e9s de paquetes de actualizaci\u00f3n Snow. Este problema afecta a Inventory Agent: hasta 6.12.0; Agente de Inventario: hasta 6.14.5; Agente de Inventario: hasta 6.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
},
{
"source": "security@snowsoftware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snowsoftware:snow_inventory_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "E82E3DB3-2CBC-44BB-A553-682431C08AF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snowsoftware:snow_inventory_agent:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14.0",
"versionEndExcluding": "6.14.5",
"matchCriteriaId": "5C9FF448-B8FA-4A84-802C-370D5D902E2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snowsoftware:snow_inventory_agent:6.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B7E019-F9A5-4CF5-9C4D-B56119AF80CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
"source": "security@snowsoftware.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink