Search criteria
6 vulnerabilities found for NetBox by LenelS2
CVE-2024-2422 (GCVE-0-2024-2422)
Vulnerability from cvelistv5 – Published: 2024-05-30 17:26 – Updated: 2024-08-01 19:11
VLAI?
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Claroty Team82
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lenels2_netbox",
"vendor": "carrier",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T23:15:27.680824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:36.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBox",
"vendor": "LenelS2",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands."
}
],
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:26:12.543Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LenelS2 NetBox Improper Neutralization of Argumented Delimiters",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-2422",
"datePublished": "2024-05-30T17:26:12.543Z",
"dateReserved": "2024-03-13T13:55:55.979Z",
"dateUpdated": "2024-08-01T19:11:53.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2421 (GCVE-0-2024-2421)
Vulnerability from cvelistv5 – Published: 2024-05-30 17:24 – Updated: 2024-08-01 19:11
VLAI?
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Claroty Team82
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lenels2_netbox",
"vendor": "carrier",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T16:38:35.581709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:16.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBox",
"vendor": "LenelS2",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions."
}
],
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:24:33.231Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LenelS2 NetBox Improper Neutralization of Special Elements",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-2421",
"datePublished": "2024-05-30T17:24:33.231Z",
"dateReserved": "2024-03-13T13:55:51.729Z",
"dateUpdated": "2024-08-01T19:11:53.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2420 (GCVE-0-2024-2420)
Vulnerability from cvelistv5 – Published: 2024-05-30 17:22 – Updated: 2024-08-01 19:11
VLAI?
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.
Severity ?
CWE
- CWE-259 - Use of Hardcoded Password
Assigner
References
Credits
Claroty Team82
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lenels2_netbox",
"vendor": "carrier",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T19:12:38.190957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:12.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBox",
"vendor": "LenelS2",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u0026nbsp;Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.\u0026nbsp;"
}
],
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u00a0Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hardcoded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:22:06.344Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LenelS2 NetBox Hardcoded Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-2420",
"datePublished": "2024-05-30T17:22:06.344Z",
"dateReserved": "2024-03-13T13:55:47.727Z",
"dateUpdated": "2024-08-01T19:11:53.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2422 (GCVE-0-2024-2422)
Vulnerability from nvd – Published: 2024-05-30 17:26 – Updated: 2024-08-01 19:11
VLAI?
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Claroty Team82
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lenels2_netbox",
"vendor": "carrier",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T23:15:27.680824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:36.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBox",
"vendor": "LenelS2",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands."
}
],
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:26:12.543Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LenelS2 NetBox Improper Neutralization of Argumented Delimiters",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-2422",
"datePublished": "2024-05-30T17:26:12.543Z",
"dateReserved": "2024-03-13T13:55:55.979Z",
"dateUpdated": "2024-08-01T19:11:53.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2421 (GCVE-0-2024-2421)
Vulnerability from nvd – Published: 2024-05-30 17:24 – Updated: 2024-08-01 19:11
VLAI?
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Claroty Team82
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lenels2_netbox",
"vendor": "carrier",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T16:38:35.581709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:16.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBox",
"vendor": "LenelS2",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions."
}
],
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:24:33.231Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LenelS2 NetBox Improper Neutralization of Special Elements",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-2421",
"datePublished": "2024-05-30T17:24:33.231Z",
"dateReserved": "2024-03-13T13:55:51.729Z",
"dateUpdated": "2024-08-01T19:11:53.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2420 (GCVE-0-2024-2420)
Vulnerability from nvd – Published: 2024-05-30 17:22 – Updated: 2024-08-01 19:11
VLAI?
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.
Severity ?
CWE
- CWE-259 - Use of Hardcoded Password
Assigner
References
Credits
Claroty Team82
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lenels2_netbox",
"vendor": "carrier",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T19:12:38.190957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:12.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBox",
"vendor": "LenelS2",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u0026nbsp;Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.\u0026nbsp;"
}
],
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u00a0Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hardcoded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:22:06.344Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LenelS2 NetBox Hardcoded Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-2420",
"datePublished": "2024-05-30T17:22:06.344Z",
"dateReserved": "2024-03-13T13:55:47.727Z",
"dateUpdated": "2024-08-01T19:11:53.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}