cve-2024-4301
Vulnerability from cvelistv5
Published
2024-04-29 04:01
Modified
2024-08-01 20:33
Severity
Summary
N-Reporter and N-Cloud from N-Partner - Os Command Injection
References
Impacted products
| Vendor | Product |
|---|---|
| N-Partner | N-Reporter firmware |
| N-Partner | N-Cloud firmware |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:n-partner:n-reporter_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n-reporter_firmware",
"vendor": "n-partner",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:n-partner:n-cloud_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n-cloud_firmware",
"vendor": "n-partner",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T14:55:10.560617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:15.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:53.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "N-Reporter firmware",
"vendor": "N-Partner",
"versions": [
{
"lessThan": "6.1.187",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "N-Cloud firmware",
"vendor": "N-Partner",
"versions": [
{
"lessThan": "6.1.187",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-04-29T03:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page."
}
],
"value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T04:01:24.051Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Firmware to 6.1.187 (20240216-1603) or later version"
}
],
"value": "Update Firmware to 6.1.187 (20240216-1603) or later version"
}
],
"source": {
"advisory": "TVN-202404012",
"discovery": "EXTERNAL"
},
"title": "N-Reporter and N-Cloud from N-Partner - Os Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-4301",
"datePublished": "2024-04-29T04:01:24.051Z",
"dateReserved": "2024-04-29T03:23:13.243Z",
"dateUpdated": "2024-08-01T20:33:53.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4301\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2024-04-29T04:15:09.110\",\"lastModified\":\"2024-04-29T12:42:03.667\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.\"},{\"lang\":\"es\",\"value\":\"N-Reporter y N-Cloud, productos de N-Partner, tienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Los atacantes remotos con privilegios de usuario normales pueden ejecutar comandos arbitrarios del sistema manipulando las entradas del usuario en una p\u00e1gina espec\u00edfica.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html\",\"source\":\"twcert@cert.org.tw\"}]}}"
}
}
Loading...