CVE-2024-47944

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47944
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://r.sec-consult.com/rittaliot
https://www.rittal.com/de-de/products/deep/3124300
Configurations

No configuration.

History

15 Oct 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 6.8

15 Oct 2024, 14:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) El dispositivo ejecuta directamente los archivos de actualización de firmware .patch en una memoria USB sin ninguna autenticación previa en la interfaz de administración. Esto da lugar a una ejecución de código no autenticado a través de la función de actualización de firmware.

15 Oct 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 09:15

Updated : 2024-10-15 16:35

NVD link : CVE-2024-47944

Mitre link : CVE-2024-47944

CVE.ORG link : CVE-2024-47944

JSON object : View

Products Affected

No product.

CWE
CWE-1299

Missing Protection Mechanism for Alternate Hardware Interface


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024