CVE-2024-47045

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47045
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN57749899/
https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm
Configurations

No configuration.

History

26 Sep 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe un problema de encadenamiento de privilegios en el instalador del software e-Tax (programa común). Si se explota esta vulnerabilidad, una DLL maliciosa preparada por un atacante puede ejecutarse con privilegios superiores a los de la aplicación.

26 Sep 2024, 07:15

Type Values Removed Values Added
References
  • {'url': 'https://jvn.jp/en/jp/JVN78356367/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/500mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/600mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/pr_400mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/rt_400mi/', 'source': 'vultures@jpcert.or.jp'}
  • {'url': 'https://web116.jp/ced/support/version/broadband/rv_440mi/', 'source': 'vultures@jpcert.or.jp'}
  • () https://jvn.jp/en/jp/JVN57749899/ -
  • () https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm -
CWE CWE-451 CWE-268
Summary (en) User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, affects products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. (en) Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.

26 Sep 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-26 04:15

Updated : 2024-09-26 15:35

NVD link : CVE-2024-47045

Mitre link : CVE-2024-47045

CVE.ORG link : CVE-2024-47045

JSON object : View

Products Affected

No product.

CWE
CWE-268

Privilege Chaining


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024