1 vulnerability by hillstonenet
CVE-2024-8073 (GCVE-0-2024-8073)
Vulnerability from cvelistv5 – Published: 2024-08-26 02:19 – Updated: 2024-08-27 19:00
VLAI
Title
Command Injection Vulnerability in Hillstone Networks Web Application Firewall
Summary
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hillstone Networks | Hillstone Networks Web Application Firewall | Affected: 2.6.7, ≤ 2.8.13 (custom) | |
| hillstonenet | web_application_firewall | Affected: 5.5r6-2.6.7, ≤ 5.5R6-2.8.13 (custom) cpe:2.3:a:hillstonenet:web_application_firewall:5.5r6-2.6.7:*:*:*:*:*:*:* | |
Date Public
2024-08-26 00:53
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hillstonenet:web_application_firewall:5.5r6-2.6.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "web_application_firewall",
"vendor": "hillstonenet",
"versions": [
{
"lessThanOrEqual": "5.5R6-2.8.13",
"status": "affected",
"version": "5.5r6-2.6.7",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T18:44:24.297231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:00:27.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"5.5R6"
],
"product": "Hillstone Networks Web Application Firewall",
"vendor": "Hillstone Networks",
"versions": [
{
"lessThanOrEqual": "2.8.13",
"status": "affected",
"version": "2.6.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-26T00:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.\u003cp\u003eThis issue affects Hillstone Networks Web Application Firewall: from\u0026nbsp;5.5R6-2.6.7 through 5.5R6-2.8.13.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from\u00a05.5R6-2.6.7 through 5.5R6-2.8.13."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T02:19:48.164Z",
"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"shortName": "Hillstone"
},
"references": [
{
"url": "https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the WAF device to version 5.5R6-2.8.14 or higher.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade the WAF device to version 5.5R6-2.8.14 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability in Hillstone Networks Web Application Firewall",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy.\n\n\u003cbr\u003e"
}
],
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"assignerShortName": "Hillstone",
"cveId": "CVE-2024-8073",
"datePublished": "2024-08-26T02:19:48.164Z",
"dateReserved": "2024-08-22T09:28:58.926Z",
"dateUpdated": "2024-08-27T19:00:27.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}