Back

CVE-2024-47045

Sept. 26, 2024, 3:35 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Home GateWay/Hikari Denwa routers

NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Home GateWay/Hikari Denwa routers

e-Tax software

  • UNKNOWN

Source

vultures@jpcert.or.jp

Tags

vultures@jpcert.or.jp
CWE-451
2024-09-26
CVE-2024-47045
CWE-268

CVE-2024-47045 details

Published : Sept. 26, 2024, 4:15 a.m.
Last Modified : Sept. 26, 2024, 3:35 p.m.

Description

Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.

CVSS Score

1 2 3 4 5 6 7.8 8 9 10

Weakness

Weakness Name Description
CWE-268 Privilege Chaining Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
CWE-451 User Interface (UI) Misrepresentation of Critical Information The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Exploitability Score

1.8

Impact Score

5.9

Base Severity

HIGH

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

URL Source
https://jvn.jp/en/jp/JVN57749899/ vultures@jpcert.or.jp
https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm vultures@jpcert.or.jp
This website uses the NVD API, but is not approved or certified by it.