CVE-2024-25008

{"id": "CVE-2024-25008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-08-16T10:15:04.823", "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability."}, {"lang": "es", "value": " Ericsson RAN Compute and Site Controller 6610 contiene una vulnerabilidad en el sistema de control donde la validaci\u00f3n de entrada incorrecta puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, por ejemplo, para obtener un shell de Linux con los mismos privilegios que el atacante. El atacante necesitar\u00eda privilegios elevados, por ejemplo, un usuario de OAM v\u00e1lido que tenga el rol de administrador del sistema para explotar la vulnerabilidad."}], "lastModified": "2024-08-19T13:00:23.117", "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"}