CVE-2024-23317

External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2024-23317

Configurations

No configuration.

History

11 Jul 2024, 13:05

Type	Values Removed	Values Added
Summary		(es) El control externo del nombre o ruta del archivo (CWE-73) en el Controlador 6000 y el Controlador 7000 permite a un atacante con acceso local al Controlador realizar la ejecución de código arbitrario. Este problema afecta a: 9.10 anterior a vCR9.10.240520a (distribuido en 9.10.1268(MR1)), 9.00 anterior a vCR9.00.240521a (distribuido en 9.00.1990(MR3)), 8.90 anterior a vCR8.90.240520a (distribuido en 8.90.1947 (MR4)), 8.80 antes de vCR8.80.240520a (distribuido en 8.80.1726 (MR5)), 8.70 antes de vCR8.70.240520a (distribuido en 8.70.2824 (MR7)), todas las versiones de 8.60 y anteriores .

11 Jul 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-11 03:15

Updated : 2024-07-11 13:05

NVD link : CVE-2024-23317

Mitre link : CVE-2024-23317

CVE.ORG link : CVE-2024-23317

JSON object : View

Products Affected

No product.

CWE

CWE-73

External Control of File Name or Path

6.3 /10