CVE-2024-31843

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.gruppotim.it/it/footer/red-team.html

Configurations

No configuration.

History

03 Jul 2024, 01:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.1
Summary		(es) Se descubrió un problema en Italtel Embrace 1.6.4. La aplicación web no verifica adecuadamente los parámetros enviados como entrada antes de procesarlos en el lado del servidor. Esto permite a los usuarios autenticados ejecutar comandos en el sistema operativo.
CWE		CWE-78

23 May 2024, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-23 19:16

Updated : 2024-07-03 01:55

NVD link : CVE-2024-31843

Mitre link : CVE-2024-31843

CVE.ORG link : CVE-2024-31843

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

4.1 /10