CVE-2024-23626

{"id": "CVE-2024-23626", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "disclosures@exodusintel.com", "cvssData": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosures@exodusintel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-26T00:15:10.820", "references": [{"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/", "tags": ["Third Party Advisory"], "source": "disclosures@exodusintel.com"}, {"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosures@exodusintel.com", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the \u2018SaveSysLogParams\u2019 \nparameter of the Motorola MR2600. A remote attacker can exploit this \nvulnerability to achieve command execution. Authentication is required, \nhowever can be bypassed.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveSysLogParams' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir."}], "lastModified": "2024-11-21T08:58:02.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mr2600_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB21523A-FF81-44F5-84D4-83D690D1D021"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23CF30D0-9447-49F2-B33B-CA2BF24D6DD2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclosures@exodusintel.com"}