CVE-2024-47045
Sept. 26, 2024, 3:35 p.m.
Tags
CVSS Score
Product(s) Impacted
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Home GateWay/Hikari Denwa routers
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Home GateWay/Hikari Denwa routers
e-Tax software
- UNKNOWN
Description
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.
Weaknesses
CWE-268
Privilege Chaining
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
CWE ID: 268CWE-451
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
CWE ID: 451Date
Published: Sept. 26, 2024, 4:15 a.m.
Last Modified: Sept. 26, 2024, 3:35 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vultures@jpcert.or.jp
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H