CVE-2024-47045

Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.
Configurations

No configuration.

History

26 Sep 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe un problema de encadenamiento de privilegios en el instalador del software e-Tax (programa común). Si se explota esta vulnerabilidad, una DLL maliciosa preparada por un atacante puede ejecutarse con privilegios superiores a los de la aplicación.

26 Sep 2024, 07:15

Type Values Removed Values Added
References
  • {'url': 'https://jvn.jp/en/jp/JVN78356367/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/500mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/600mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/pr_400mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/rt_400mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/rv_440mi/', 'source': 'vultures@jpcert.or.jp'}
  • () https://jvn.jp/en/jp/JVN57749899/ -
  • () https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm -
CWE CWE-451 CWE-268
Summary (en) User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, affects products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. (en) Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.

26 Sep 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 04:15

Updated : 2024-09-26 15:35


NVD link : CVE-2024-47045

Mitre link : CVE-2024-47045

CVE.ORG link : CVE-2024-47045


JSON object : View

Products Affected

No product.

CWE
CWE-268

Privilege Chaining