CVE-2024-43690
Sept. 11, 2024, 4:26 p.m.
Tags
CVSS Score
Product(s) Impacted
Command Centre Server
- 9.10 prior to vEL9.10.1530 (MR2)
- 9.00 prior to vEL9.00.2168 (MR4)
- 8.90 prior to vEL8.90.2155 (MR5)
- 8.80 prior to vEL8.80.1938 (MR6)
- all versions of 8.70 and prior
Command Centre Workstations
- 9.10 prior to vEL9.10.1530 (MR2)
- 9.00 prior to vEL9.00.2168 (MR4)
- 8.90 prior to vEL8.90.2155 (MR5)
- 8.80 prior to vEL8.80.1938 (MR6)
- all versions of 8.70 and prior
Description
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.
Weaknesses
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
CWE ID: 829Date
Published: Sept. 11, 2024, 5:15 a.m.
Last Modified: Sept. 11, 2024, 4:26 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
disclosures@gallagher.com
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H