nvd-json-data-feeds/CVE-2024/CVE-2024-220xx/CVE-2024-22063.json

{
  "id": "CVE-2024-22063",
  "sourceIdentifier": "psirt@zte.com.cn",
  "published": "2024-12-30T10:15:05.867",
  "lastModified": "2025-01-28T17:05:45.353",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices."
    },
    {
      "lang": "es",
      "value": "Los productos ZENIC ONE R58 de ZTE Corporation tienen una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante autenticado puede aprovechar esta vulnerabilidad para manipular mensajes, inyectar c\u00f3digo malicioso y, posteriormente, lanzar ataques a los dispositivos relacionados."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@zte.com.cn",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@zte.com.cn",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:zte:zenic_one_r58:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "16.24.40",
              "matchCriteriaId": "8F4F12D1-1686-4488-80F9-590DCB68CF41"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521",
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}