CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-26139 (GCVE-0-2024-26139)
Vulnerability from cvelistv5 – Published: 2024-05-23 11:47 – Updated: 2024-08-01 23:59
VLAI
Title
OpenCTI Authenticated Privilege Escalation
Summary
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/OpenCTI-Platform/opencti/secur… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenCTI-Platform | opencti |
Affected:
<= 5.12.31
|
|
| opencti-platform | opencti |
Affected:
0 , ≤ 5.12.31
(custom)
cpe:2.3:a:opencti-platform:opencti:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opencti-platform:opencti:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "opencti",
"vendor": "opencti-platform",
"versions": [
{
"lessThanOrEqual": "5.12.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:54:23.549911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:57.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "opencti",
"vendor": "OpenCTI-Platform",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.12.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-657",
"description": "CWE-657: Violation of Secure Design Principles",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T11:47:44.488Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9"
}
],
"source": {
"advisory": "GHSA-qx4j-f4f2-vjw9",
"discovery": "UNKNOWN"
},
"title": "OpenCTI Authenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-26139",
"datePublished": "2024-05-23T11:47:44.488Z",
"dateReserved": "2024-02-14T17:40:03.688Z",
"dateUpdated": "2024-08-01T23:59:32.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26201 (GCVE-0-2024-26201)
Vulnerability from cvelistv5 – Published: 2024-03-12 16:57 – Updated: 2025-05-03 00:46
VLAI
Title
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Summary
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Intune Company Portal for Android |
Affected:
1.0.0 , < 1.2402.12
(custom)
|
Date Public
2024-03-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Intune Linux Agent Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26201",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:34:33.669321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:13:35.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Intune Company Portal for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2402.12",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:intune_company_portal:*:*:*:*:*:android_os:*:*",
"versionEndExcluding": "1.2402.12",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-03-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Intune Linux Agent Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:46:50.438Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Intune Linux Agent Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26201"
}
],
"title": "Microsoft Intune Linux Agent Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26201",
"datePublished": "2024-03-12T16:57:54.643Z",
"dateReserved": "2024-02-14T22:23:54.102Z",
"dateUpdated": "2025-05-03T00:46:50.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26203 (GCVE-0-2024-26203)
Vulnerability from cvelistv5 – Published: 2024-03-12 16:57 – Updated: 2025-05-03 00:46
VLAI
Title
Azure Data Studio Elevation of Privilege Vulnerability
Summary
Azure Data Studio Elevation of Privilege Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Data Studio |
Affected:
1.0.0 , < 1.48.0
(custom)
|
Date Public
2024-03-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Data Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:33:29.541850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:13:00.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Data Studio",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.48.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_data_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.48.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-03-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Data Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:46:51.148Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Data Studio Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203"
}
],
"title": "Azure Data Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26203",
"datePublished": "2024-03-12T16:57:55.224Z",
"dateReserved": "2024-02-14T22:23:54.102Z",
"dateUpdated": "2025-05-03T00:46:51.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26234 (GCVE-0-2024-26234)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39
VLAI
Title
Proxy Driver Spoofing Vulnerability
Summary
Proxy Driver Spoofing Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.5696
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < 10.0.17763.5696
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.5696
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.5696
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.2402
(custom)
|
|
| Microsoft | Windows 11 version 21H2 |
Affected:
10.0.0 , < 10.0.22000.2899
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19043.0 , < 10.0.19044.4291
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.3447
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.4291
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.3447
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.3447
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.830
(custom)
|
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.20596
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.6897
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.6897
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.6897
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.22618
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.6003.0 , < 6.0.6003.22618
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.22618
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.7601.0 , < 6.1.7601.27067
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.1.7601.0 , < 6.1.7601.27067
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.24821
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.24821
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.21924
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.21924
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T21:14:38.494406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:17.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Proxy Driver Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5696",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5696",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5696",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5696",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.2402",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2899",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.4291",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.3447",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.4291",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3447",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3447",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.830",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20596",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6897",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6897",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6897",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22618",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22618",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22618",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.27067",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.27067",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24821",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24821",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.21924",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.21924",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5696",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5696",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5696",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5696",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2402",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2899",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4291",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3447",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4291",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3447",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3447",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.830",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20596",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6897",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6897",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6897",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22618",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22618",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "6.0.6003.22618",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.27067",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.27067",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24821",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24821",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.21924",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.21924",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Proxy Driver Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:39:54.972Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Proxy Driver Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234"
}
],
"title": "Proxy Driver Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26234",
"datePublished": "2024-04-09T17:00:55.340Z",
"dateReserved": "2024-02-15T00:57:49.356Z",
"dateUpdated": "2025-05-03T00:39:54.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27187 (GCVE-0-2024-27187)
Vulnerability from cvelistv5 – Published: 2024-08-20 16:03 – Updated: 2024-08-22 04:32
VLAI
Title
[20240804] - Core - Improper ACL for backend profile view
Summary
Improper Access Controls allows backend users to overwrite their username when disallowed.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/945-… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-4.4.6
Affected: 5.0.0-5.1.2 |
|
| joomla | joomla\! |
Affected:
4.0.0 , ≤ 4.4.6
(custom)
Affected: 5.0.0 , ≤ 5.1.2 (custom) cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "joomla\\!",
"vendor": "joomla",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.2",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T19:24:02.130454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T19:26:50.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-4.4.6"
},
{
"status": "affected",
"version": "5.0.0-5.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Elysee Franchuk"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Controls allows backend users to overwrite their username when disallowed."
}
],
"value": "Improper Access Controls allows backend users to overwrite their username when disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T04:32:02.125Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[20240804] - Core - Improper ACL for backend profile view",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2024-27187",
"datePublished": "2024-08-20T16:03:43.540Z",
"dateReserved": "2024-02-21T04:29:37.776Z",
"dateUpdated": "2024-08-22T04:32:02.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27200 (GCVE-0-2024-27200)
Vulnerability from cvelistv5 – Published: 2024-11-13 21:08 – Updated: 2024-11-14 19:45
VLAI
Summary
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- escalation of privilege
- CWE-284 - Improper access control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Granulate(TM) software |
Affected:
before version 4.30.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:09:22.799824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:45:37.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Granulate(TM) software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.30.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T21:08:15.521Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01145.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01145.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-27200",
"datePublished": "2024-11-13T21:08:15.521Z",
"dateReserved": "2024-04-19T03:00:02.609Z",
"dateUpdated": "2024-11-14T19:45:37.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2731 (GCVE-0-2024-2731)
Vulnerability from cvelistv5 – Published: 2024-04-10 13:59 – Updated: 2024-08-01 19:25
VLAI
Title
Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
Summary
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://huntr.com/bounties/4d72d300-92d6-4e3c-93d… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acquia:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "mautic",
"vendor": "acquia",
"versions": [
{
"lessThanOrEqual": "4.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2731",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T15:34:06.551178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:09:08.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Mautic",
"programFiles": [
"https://github.com/mautic/mautic/blob/fcc9051a74c16c333aa37dc282669b0ba7a27b8b/app/bundles/LeadBundle/Form/Type/CompanyMergeType.php#L41",
"https://github.com/mautic/mautic/blob/fcc9051a74c16c333aa37dc282669b0ba7a27b8b/app/bundles/LeadBundle/Controller/LeadController.php#L1923",
"https://github.com/mautic/mautic/blob/fcc9051a74c16c333aa37dc282669b0ba7a27b8b/app/bundles/LeadBundle/Controller/LeadController.php#L278"
],
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThanOrEqual": "4.4.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ZHAW Information Security Research Group"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUsers with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users\u0027 names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users\u0027 names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T13:59:41.407Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2024-2731",
"datePublished": "2024-04-10T13:59:41.407Z",
"dateReserved": "2024-03-20T13:04:47.309Z",
"dateUpdated": "2024-08-01T19:25:41.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27891 (GCVE-0-2024-27891)
Vulnerability from cvelistv5 – Published: 2026-06-04 22:08 – Updated: 2026-06-05 18:28
VLAI
Title
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.
Summary
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.32.0 , ≤ 4.32.0.1F
(custom)
Affected: 4.31.0 , ≤ 4.31.2F (custom) Affected: 4.30.0 , ≤ 4.30.6M (custom) Affected: 4.29.0 , ≤ 4.29.7M (custom) Affected: 4.28.0 , ≤ 4.28.10.1M (custom) Affected: 4.27.2F , < 4.28.0 (custom) |
Date Public
2024-07-23 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:28:35.666431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:28:50.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"722XPM Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.0.1F",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.2F",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.6M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.7M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.10.1M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThan": "4.28.0",
"status": "affected",
"version": "4.27.2F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-27891, multiple specific conditions must be met. Both MACsec and egress ACLs must be configured and active on the same interface as the minimum requirements for this issue to be exposed. Please review the following sections to identify if your organization is affected.\u003c/p\u003e\u003col\u003e\u003cli\u003eMACsec must be configured:\u003cbr\u003e\u003cpre\u003eswitch\u0026gt;show mac security status\nAdministrative State: \u0026nbsp; \u0026nbsp; enabled\nActive Profiles:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1\nData Delay Protection:\u0026nbsp; \u0026nbsp; no\nEAPoL Destination MAC:\u0026nbsp; \u0026nbsp; 0180.c200.0003\nFIPS Mode:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; no\nSecured Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; 54\nLicense:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; enabled\n\u003c/pre\u003e\u003cp\u003e\u003cb\u003eNote:\u003c/b\u003e\u0026nbsp;active profiles is not 0, and number of secured interfaces is not 0\u003c/p\u003e\u003cdiv\u003eIf MACsec is not configured there is no exposure to this issue and the message will include 0 Active Profiles, and 0 Secured Interfaces.\u003c/div\u003e\u003cpre\u003eswitch\u0026gt;show mac security status\nAdministrative State: \u0026nbsp; \u0026nbsp; enabled\nActive Profiles:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\nData Delay Protection:\u0026nbsp; \u0026nbsp; no\nEAPoL Destination MAC:\u0026nbsp; \u0026nbsp; 0180.c200.0003\nFIPS Mode:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; no\nSecured Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\nLicense:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; disabled (Hardware license not enabled)\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eAccess Control Lists (ACLs) must be configured for outbound packets:\u003cbr\u003e\u003cpre\u003eswitch#show running-config | section access-list\nipv6 access-list testIp6Acl\nip access-list testIpAcl\nmac access-list testMacAcl\n \nswitch#show running-config | section access-group\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl out\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-27891, multiple specific conditions must be met. Both MACsec and egress ACLs must be configured and active on the same interface as the minimum requirements for this issue to be exposed. Please review the following sections to identify if your organization is affected.\n\n * MACsec must be configured:\n\n\nswitch\u003eshow mac security status\nAdministrative State: \u00a0 \u00a0 enabled\nActive Profiles:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1\nData Delay Protection:\u00a0 \u00a0 no\nEAPoL Destination MAC:\u00a0 \u00a0 0180.c200.0003\nFIPS Mode:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 no\nSecured Interfaces: \u00a0 \u00a0 \u00a0 54\nLicense:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 enabled\n\n\n\n\nNote:\u00a0active profiles is not 0, and number of secured interfaces is not 0\n\nIf MACsec is not configured there is no exposure to this issue and the message will include 0 Active Profiles, and 0 Secured Interfaces.\n\n\n\nswitch\u003eshow mac security status\nAdministrative State: \u00a0 \u00a0 enabled\nActive Profiles:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 0\nData Delay Protection:\u00a0 \u00a0 no\nEAPoL Destination MAC:\u00a0 \u00a0 0180.c200.0003\nFIPS Mode:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 no\nSecured Interfaces: \u00a0 \u00a0 \u00a0 0\nLicense:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 disabled (Hardware license not enabled)\n\n\n\u00a0\n\n\n * Access Control Lists (ACLs) must be configured for outbound packets:\n\n\nswitch#show running-config | section access-list\nipv6 access-list testIp6Acl\nip access-list testIpAcl\nmac access-list testMacAcl\n \nswitch#show running-config | section access-group\ninterface Ethernet1\n\u00a0\u00a0\u00a0ip access-group testIpAcl out"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe total number of ACLs configured must be any of the following:\u003c/div\u003e\u003col\u003e\u003cli\u003eMore than 3 MAC ACLs, or\u003c/li\u003e\u003cli\u003eMore than 7 IPv4 ACLs, or\u003c/li\u003e\u003cli\u003eMore than 3 IPv6 ACLs\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf for each ACL type in use, there are less than the above corresponding number configured there is no exposure to this issue.\u003c/p\u003e\u003cdiv\u003eIf ACLs are not configured for outbound packets there is no exposure to this issue and the message will look like:\u003c/div\u003e\u003cpre\u003e! Notice no output below, indicating no ACLs configured\n! or notice ACLs are applied as \u201cin\u201d only.\nswitch#show running-config | section access-list\nswitch#\nswitch#show running-config | section access-group\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl in\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf no interfaces which have ACLs configured for outbound packets have MACsec configured, there is no exposure to this issue.\u003c/p\u003e\u003cp\u003eNote that interface types such as Vlan interfaces, or Port-Channel interfaces may have none, one or multiple physical interfaces.\u003c/p\u003e\u003cp\u003eTo check for MACsec configuration, first resolve the access-group configured interfaces to a list of all Ethernet physical interfaces.\u003c/p\u003e\u003cp\u003eIn the example below, there is an ACL applied to Port-Channel1 (Ethernet1, Ethernet5), Vlan613 (Ethernet2, Ethernet4) and Ethernet3. Therefore Ethernet1-5 should be checked to see if MACsec is enabled.\u003c/p\u003e\u003cpre\u003eswitch#show running-config | section access-group\ninterface Port-Channel1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl in\ninterface Vlan613\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl out\n \nswitch\u0026gt;show port-channel 1 brief\nPort Channel Port-Channel1:\n\u0026nbsp;\u0026nbsp;Active Ports: Ethernet1 Ethernet5\n \nswitch\u0026gt;show vlan 613\nVLAN\u0026nbsp; Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status\u0026nbsp; \u0026nbsp; Ports\n----- -------------------------------- --------- -------------------------------\n613 \u0026nbsp; VLAN0613 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active\u0026nbsp; \u0026nbsp; Cpu, Et2, Et4\n \nswitch\u0026gt;show mac security interface Ethernet1-5\nInterface \u0026nbsp; \u0026nbsp; \u0026nbsp; SCI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Controlled Port\u0026nbsp; \u0026nbsp; \u0026nbsp; Key in Use\nEthernet1 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00:00:00:00::0\u0026nbsp; \u0026nbsp; \u0026nbsp; False\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; None\nEthernet5 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\n\u003c/pre\u003e\u003cp\u003eIn the above example Ethernet1 and Ethernet5 have MACsec enabled.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The total number of ACLs configured must be any of the following:\n\n * More than 3 MAC ACLs, or\n * More than 7 IPv4 ACLs, or\n * More than 3 IPv6 ACLs\n\n\nIf for each ACL type in use, there are less than the above corresponding number configured there is no exposure to this issue.\n\nIf ACLs are not configured for outbound packets there is no exposure to this issue and the message will look like:\n\n\n\n! Notice no output below, indicating no ACLs configured\n! or notice ACLs are applied as \u201cin\u201d only.\nswitch#show running-config | section access-list\nswitch#\nswitch#show running-config | section access-group\ninterface Ethernet1\n\u00a0\u00a0\u00a0ip access-group testIpAcl in\n\n\n\u00a0\n\n\n\nIf no interfaces which have ACLs configured for outbound packets have MACsec configured, there is no exposure to this issue.\n\n\n\nNote that interface types such as Vlan interfaces, or Port-Channel interfaces may have none, one or multiple physical interfaces.\n\n\n\nTo check for MACsec configuration, first resolve the access-group configured interfaces to a list of all Ethernet physical interfaces.\n\n\n\nIn the example below, there is an ACL applied to Port-Channel1 (Ethernet1, Ethernet5), Vlan613 (Ethernet2, Ethernet4) and Ethernet3. Therefore Ethernet1-5 should be checked to see if MACsec is enabled.\n\n\n\nswitch#show running-config | section access-group\ninterface Port-Channel1\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u00a0\u00a0\u00a0ip access-group testIpAcl in\ninterface Vlan613\n\u00a0\u00a0\u00a0ip access-group testIpAcl out\n \nswitch\u003eshow port-channel 1 brief\nPort Channel Port-Channel1:\n\u00a0\u00a0Active Ports: Ethernet1 Ethernet5\n \nswitch\u003eshow vlan 613\nVLAN\u00a0 Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status\u00a0 \u00a0 Ports\n----- -------------------------------- --------- -------------------------------\n613 \u00a0 VLAN0613 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active\u00a0 \u00a0 Cpu, Et2, Et4\n \nswitch\u003eshow mac security interface Ethernet1-5\nInterface \u00a0 \u00a0 \u00a0 SCI \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Controlled Port\u00a0 \u00a0 \u00a0 Key in Use\nEthernet1 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet2 \u00a0 \u00a0 \u00a0 00:00:00:00:00:00::0\u00a0 \u00a0 \u00a0 False\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 None\nEthernet5 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\n\n\n\n\nIn the above example Ethernet1 and Ethernet5 have MACsec enabled."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the example below, there are more than 3 IPv6 ACLs applied for outbound packets. All physical interfaces that are MACsec enabled, and have an IPv6 ACL applied for outbound packets, are exposed to this issue.\u003c/p\u003e\u003cpre\u003eswitch#show running-config | section access-group\ninterface Port-Channel1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl in\ninterface Ethernet45\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl2 out\ninterface Ethernet46\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl3 out\ninterface Ethernet47\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl4 out\ninterface Vlan613\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl out\n \nswitch\u0026gt;show port-channel 1 brief\nPort Channel Port-Channel1:\n\u0026nbsp;\u0026nbsp;Active Ports: Ethernet1 Ethernet5\n \nswitch\u0026gt;show vlan 613\nVLAN\u0026nbsp; Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status\u0026nbsp; \u0026nbsp; Ports\n----- -------------------------------- --------- -------------------------------\n613 \u0026nbsp; VLAN0613 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active\u0026nbsp; \u0026nbsp; Cpu, Et2, Et4\n \nswitch\u0026gt;show mac security interface Ethernet1-$ | grep True\nEthernet1 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet5 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet45 \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003e\u003cb\u003eInterface\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003e\u201cOut\u201d ACL\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003eMinimum ACL count met\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003eMACsec enabled\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003eAffected\u003c/b\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eEt1\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt2\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo (only one IPv4 ACL)\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt3\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo (only one IPv4 ACL)\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt4\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo (only one IPv4 ACL)\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt5\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt45\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt46\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt47\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIn the above example and table:\u003c/div\u003e\u003cul\u003e\u003cli\u003eEthernet46 and Ethernet47 are not exposed to this issue, because they are not MACsec enabled.\u003c/li\u003e\u003cli\u003eEthernet2, Ethernet3, and Ethernet4 are not exposed to this issue because there is only one IPv4 ACL group, which is less than the required number to be exposed for that ACL type.\u003c/li\u003e\u003cli\u003eEthernet3 is also not affected because the ACL is for incoming packets.\u003c/li\u003e\u003cli\u003eEthernet1, Ethernet5, and Ethernet45 are affected by this issue because they meet the conditions required.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "In the example below, there are more than 3 IPv6 ACLs applied for outbound packets. All physical interfaces that are MACsec enabled, and have an IPv6 ACL applied for outbound packets, are exposed to this issue.\n\n\n\nswitch#show running-config | section access-group\ninterface Port-Channel1\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u00a0\u00a0\u00a0ip access-group testIpAcl in\ninterface Ethernet45\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl2 out\ninterface Ethernet46\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl3 out\ninterface Ethernet47\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl4 out\ninterface Vlan613\n\u00a0\u00a0\u00a0ip access-group testIpAcl out\n \nswitch\u003eshow port-channel 1 brief\nPort Channel Port-Channel1:\n\u00a0\u00a0Active Ports: Ethernet1 Ethernet5\n \nswitch\u003eshow vlan 613\nVLAN\u00a0 Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status\u00a0 \u00a0 Ports\n----- -------------------------------- --------- -------------------------------\n613 \u00a0 VLAN0613 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active\u00a0 \u00a0 Cpu, Et2, Et4\n \nswitch\u003eshow mac security interface Ethernet1-$ | grep True\nEthernet1 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet2 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet5 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet45 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\n\n\n\u00a0\n\nInterface\u201cOut\u201d ACLMinimum ACL count metMACsec enabledAffectedEt1YesYesYesYesEt2YesNo (only one IPv4 ACL)YesNoEt3NoNo (only one IPv4 ACL)NoNoEt4YesNo (only one IPv4 ACL)NoNoEt5YesYesYesYesEt45YesYesYesYesEt46YesYesNoNoEt47YesYesNoNo\n\n\u00a0\n\nIn the above example and table:\n\n * Ethernet46 and Ethernet47 are not exposed to this issue, because they are not MACsec enabled.\n * Ethernet2, Ethernet3, and Ethernet4 are not exposed to this issue because there is only one IPv4 ACL group, which is less than the required number to be exposed for that ACL type.\n * Ethernet3 is also not affected because the ACL is for incoming packets.\n * Ethernet1, Ethernet5, and Ethernet45 are affected by this issue because they meet the conditions required."
}
],
"datePublic": "2024-07-23T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eOn affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T22:08:42.522Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19908-security-advisory-0102"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-27891 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.1F and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.3M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.7M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-27891 has been fixed in the following releases:\n\n * 4.32.1F and later releases in the 4.32.x train \n * 4.31.3M and later releases in the 4.31.x train\n * 4.30.7M and later releases in the 4.30.x train\n * 4.29.8M and later releases in the 4.29.x train\n * 4.28.11M and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "102",
"defect": [
"BUG 906098"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable MACsec on interfaces with outbound packet ACLs, or to use inbound packet ACLs where possible. Note that ingress ACLs might need to be applied to a different set of interfaces or to other devices in the network.\u003c/p\u003e\u003cpre\u003eswitch#configure\u003cbr\u003eswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#no mac security profile\n \n! or remove/replace the `out` ACL\n! Note that you may wish to apply `in` ACLs to a different set of\n! interfaces than `out` ACLs were applied to.\n \nswitch#configure\u003cbr\u003eswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#mac access-group \u0026lt;ACL name\u0026gt; in\nswitch(config-if-Et1)#ip access-group \u0026lt;ACL name\u0026gt; in\nswitch(config-if-Et1)#ipv6 access-group \u0026lt;ACL name\u0026gt; in\nswitch(config-if-Et1)#no mac access-group out\nswitch(config-if-Et1)#no ip access-group out\nswitch(config-if-Et1)#no ipv6 access-group out\n\u003c/pre\u003e\u003cp\u003eFor more information about ACLs see\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-acls-and-route-maps\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: ACLs and Route Maps\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "The workaround is to disable MACsec on interfaces with outbound packet ACLs, or to use inbound packet ACLs where possible. Note that ingress ACLs might need to be applied to a different set of interfaces or to other devices in the network.\n\n\n\nswitch#configure\nswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#no mac security profile\n \n! or remove/replace the `out` ACL\n! Note that you may wish to apply `in` ACLs to a different set of\n! interfaces than `out` ACLs were applied to.\n \nswitch#configure\nswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#mac access-group \u003cACL name\u003e in\nswitch(config-if-Et1)#ip access-group \u003cACL name\u003e in\nswitch(config-if-Et1)#ipv6 access-group \u003cACL name\u003e in\nswitch(config-if-Et1)#no mac access-group out\nswitch(config-if-Et1)#no ip access-group out\nswitch(config-if-Et1)#no ipv6 access-group out\n\n\n\n\nFor more information about ACLs see\u00a0 EOS User Manual: ACLs and Route Maps https://www.arista.com/en/um-eos/eos-acls-and-route-maps ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-27891",
"datePublished": "2026-06-04T22:08:42.522Z",
"dateReserved": "2024-02-26T18:06:32.161Z",
"dateUpdated": "2026-06-05T18:28:50.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28016 (GCVE-0-2024-28016)
Vulnerability from cvelistv5 – Published: 2024-03-28 00:55 – Updated: 2025-01-14 04:14
VLAI
Summary
Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to get device informations via the internet.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
Impacted products
59 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG1800HP4 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS3 |
Affected:
all versions
|
|
| NEC Corporation | WG1900HP2 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP3 |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP3 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS2 |
Affected:
all versions
|
|
| NEC Corporation | WG1900HP |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP2 |
Affected:
all versions
|
|
| NEC Corporation | W1200EX(-MS) |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP |
Affected:
all versions
|
|
| NEC Corporation | WF300HP2 |
Affected:
all versions
|
|
| NEC Corporation | W300P |
Affected:
all versions
|
|
| NEC Corporation | WF800HP |
Affected:
all versions
|
|
| NEC Corporation | WR8165N |
Affected:
all versions
|
|
| NEC Corporation | WG2200HP |
Affected:
all versions
|
|
| NEC Corporation | WF1200HP2 |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP2 |
Affected:
all versions
|
|
| NEC Corporation | WF1200HP |
Affected:
all versions
|
|
| NEC Corporation | WG600HP |
Affected:
all versions
|
|
| NEC Corporation | WG300HP |
Affected:
all versions
|
|
| NEC Corporation | WF300HP |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP |
Affected:
all versions
|
|
| NEC Corporation | WG1400HP |
Affected:
all versions
|
|
| NEC Corporation | WR8175N |
Affected:
all versions
|
|
| NEC Corporation | WR9300N |
Affected:
all versions
|
|
| NEC Corporation | WR8750N |
Affected:
all versions
|
|
| NEC Corporation | WR8160N |
Affected:
all versions
|
|
| NEC Corporation | WR9500N |
Affected:
all versions
|
|
| NEC Corporation | WR8600N |
Affected:
all versions
|
|
| NEC Corporation | WR8370N |
Affected:
all versions
|
|
| NEC Corporation | WR8170N |
Affected:
all versions
|
|
| NEC Corporation | WR8700N |
Affected:
all versions
|
|
| NEC Corporation | WR8300N |
Affected:
all versions
|
|
| NEC Corporation | WR8150N |
Affected:
all versions
|
|
| NEC Corporation | WR4100N |
Affected:
all versions
|
|
| NEC Corporation | WR4500N |
Affected:
all versions
|
|
| NEC Corporation | WR8100N |
Affected:
all versions
|
|
| NEC Corporation | WR8500N |
Affected:
all versions
|
|
| NEC Corporation | CR2500P |
Affected:
all versions
|
|
| NEC Corporation | WR8400N |
Affected:
all versions
|
|
| NEC Corporation | WR8200N |
Affected:
all versions
|
|
| NEC Corporation | WR1200H |
Affected:
all versions
|
|
| NEC Corporation | WR7870S |
Affected:
all versions
|
|
| NEC Corporation | WR6670S |
Affected:
all versions
|
|
| NEC Corporation | WR7850S |
Affected:
all versions
|
|
| NEC Corporation | WR6650S |
Affected:
all versions
|
|
| NEC Corporation | WR6600H |
Affected:
all versions
|
|
| NEC Corporation | WR7800H |
Affected:
all versions
|
|
| NEC Corporation | WM3400RN |
Affected:
all versions
|
|
| NEC Corporation | WM3450RN |
Affected:
all versions
|
|
| NEC Corporation | WM3500R |
Affected:
all versions
|
|
| NEC Corporation | WM3600R |
Affected:
all versions
|
|
| NEC Corporation | WM3800R |
Affected:
all versions
|
|
| NEC Corporation | WR8166N |
Affected:
all versions
|
|
| NEC Corporation | MR01LN |
Affected:
all versions
|
|
| NEC Corporation | MR02LN |
Affected:
all versions
|
|
| NEC Corporation | WG1810HP(JE) |
Affected:
all versions
|
|
| NEC Corporation | WG1810HP(MF) |
Affected:
all versions
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:37:34.619893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T21:09:12.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG1800HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W1200EX(-MS)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W300P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8165N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8160N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8150N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "CR2500P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8400N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8200N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR1200H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7870S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6670S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7850S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6650S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6600H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7800H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3400RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3450RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3500R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3600R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3800R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8166N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR01LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR02LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(JE)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(MF)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to get device informations via the internet."
}
],
"value": "Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to get device informations via the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T04:14:44.988Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2024-28016",
"datePublished": "2024-03-28T00:55:50.880Z",
"dateReserved": "2024-02-29T08:40:36.327Z",
"dateUpdated": "2025-01-14T04:14:44.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28050 (GCVE-0-2024-28050)
Vulnerability from cvelistv5 – Published: 2024-08-14 13:45 – Updated: 2024-08-16 15:48
VLAI
Summary
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.
Severity
5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- denial of service
- CWE-284 - Improper access control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Arc(TM) & Iris(R) Xe Graphics software |
Affected:
before version 31.0.101.4824
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:47:58.957476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:48:07.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 31.0.101.4824"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:45:16.572Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01130.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01130.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-28050",
"datePublished": "2024-08-14T13:45:16.572Z",
"dateReserved": "2024-03-27T03:00:07.317Z",
"dateUpdated": "2024-08-16T15:48:07.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-19: Embedding Scripts within Scripts
An adversary leverages the capability to execute their own script by embedding it within other scripts that the target software is likely to execute due to programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts.
CAPEC-441: Malicious Logic Insertion
An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.
CAPEC-478: Modification of Windows Service Configuration
An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.
CAPEC-479: Malicious Root Certificate
An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.
CAPEC-502: Intent Spoof
An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component trusts the intent's action without verififcation, then the target application performs the functionality at the adversary's request, helping the adversary achieve the desired negative technical impact.
CAPEC-503: WebView Exposure
An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView's addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.
CAPEC-536: Data Injected During Configuration
An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary.
CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment
An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.
CAPEC-550: Install New Service
When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-552: Install Rootkit
An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.
CAPEC-556: Replace File Extension Handlers
When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.
CAPEC-558: Replace Trusted Executable
An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called.
CAPEC-562: Modify Shared File
An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.
CAPEC-563: Add Malicious File to Shared Webroot
An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.
CAPEC-564: Run Software at Logon
Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.
CAPEC-578: Disable Security Software
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.