CVE-2024-21805

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21805
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN54451757/
https://www.skyseaclientview.net/news/240307_01/
https://jvn.jp/en/jp/JVN54451757/
https://www.skyseaclientview.net/news/240307_01/
Configurations

No configuration.

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN54451757/ - () https://jvn.jp/en/jp/JVN54451757/ -
References () https://www.skyseaclientview.net/news/240307_01/ - () https://www.skyseaclientview.net/news/240307_01/ -

05 Aug 2024, 18:35

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
Summary
  • (es) Existe una vulnerabilidad de control de acceso inadecuado en la carpeta específica de las versiones de SKYSEA Client View desde la versión 16.100 anterior a la versión 19.2. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesión en la PC donde está instalado el cliente Windows del producto puede colocar un archivo arbitrario en la carpeta específica. En caso de que el archivo sea un archivo DLL especialmente manipulado, se puede ejecutar código arbitrario con privilegios de SYSTEM.

12 Mar 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-12 08:15

Updated : 2024-11-21 08:55

NVD link : CVE-2024-21805

Mitre link : CVE-2024-21805

CVE.ORG link : CVE-2024-21805

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024