CVE-2024-47254

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.2n.com/en-GB/about-2n/cybersecurity/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*

History

06 Nov 2024, 22:22

Type	Values Removed	Values Added
References	~~() https://www.2n.com/en-GB/about-2n/cybersecurity/ -~~	() https://www.2n.com/en-GB/about-2n/cybersecurity/ - Product
First Time		2n 2n access Commander
CPE		cpe:2.3:a:2n:access_commander::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : 7.2
CWE		NVD-CWE-noinfo

05 Nov 2024, 16:04

Type	Values Removed	Values Added
Summary		(es) En las versiones 3.1.1.2 y anteriores de 2N Access Commander, una vulnerabilidad de verificación insuficiente de la autenticidad de los datos podría permitir que un atacante aumente sus privilegios y obtenga acceso de root al sistema.

05 Nov 2024, 10:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-05 10:20

Updated : 2024-11-06 22:22

NVD link : CVE-2024-47254

Mitre link : CVE-2024-47254

CVE.ORG link : CVE-2024-47254

JSON object : View

Products Affected

2n

access_commander

CWE

NVD-CWE-noinfo CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2024-47254", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "product-security@axis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.4}]}, "published": "2024-11-05T10:20:04.843", "references": [{"url": "https://www.2n.com/en-GB/about-2n/cybersecurity/", "tags": ["Product"], "source": "product-security@axis.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "product-security@axis.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient \nVerification of Data Authenticity vulnerability could allow an attacker \nto escalate their privileges and gain root access to the system."}, {"lang": "es", "value": "En las versiones 3.1.1.2 y anteriores de 2N Access Commander, una vulnerabilidad de verificaci\u00f3n insuficiente de la autenticidad de los datos podr\u00eda permitir que un atacante aumente sus privilegios y obtenga acceso de root al sistema."}], "lastModified": "2024-11-06T22:22:01.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A7B866-FF8F-4CA9-A34C-78D361E21730", "versionEndIncluding": "3.1.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@axis.com"}