CVE-2024-4999 (GCVE-0-2024-4999)

Vulnerability from cvelistv5 – Published: 2024-05-16 12:14 – Updated: 2024-08-01 20:55
Summary
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
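Assigner
  • ONEKEY
References
  • https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/ (third-party-advisory)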
Impacted products
Vendor    Product        Version
Ligowave  UNITY          Affected: 0, ≤ 6.95-2 (semver)
Ligowave  PRO            Affected: 0, ≤ 6.95-1.rt3883 (semver)
Ligowave  MIMO           Affected: 0, ≤ 6.95-1.rt2880 (semver)
Ligowave  APC Propeller  Affected: 0, ≤ 2-5.95-4.rt3352 (semver)
Credits
Quentin Kaiser from ONEKEY Research Labs

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:ligowave:unity:6.95-2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unity",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "6.95-2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ligowave:pro:6.95-1.rt3883:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pro",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "6.95-1.rt3883"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ligowave:mimo:6.95-1.rt2880:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mimo",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "6.95-1.rt2880"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ligowave:apc_propeller:2-5.95-4.rt3352:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apc_propeller",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "2-5.95-4.rt3352"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4999",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T15:17:05.688626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:18.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UNITY",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "6.95-2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PRO",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "6.95-1.rt3883",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MIMO",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "6.95-1.rt2880",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "APC Propeller",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "2-5.95-4.rt3352",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Quentin Kaiser from ONEKEY Research Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u0026nbsp;attacker to execute arbitrary commands with elevated privileges.\u003cp\u003eThis issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u00a0attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T12:17:49.310Z",
        "orgId": "2d533b80-6e4a-4e20-93e2-171235122846",
        "shortName": "ONEKEY"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation."
            }
          ],
          "value": "This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846",
    "assignerShortName": "ONEKEY",
    "cveId": "CVE-2024-4999",
    "datePublished": "2024-05-16T12:14:51.671Z",
    "dateReserved": "2024-05-16T12:06:27.762Z",
    "dateUpdated": "2024-08-01T20:55:10.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\\u00a0attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la interfaz de administraci\\u00f3n basada en web de m\\u00faltiples dispositivos Ligowave podr\\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios con privilegios elevados. Este problema afecta a UNITY: hasta 6.95-2; PRO: hasta 6.95-1.Rt3883; MIMO: hasta 6.95-1.Rt2880; APC Propeller: hasta 2-5.95-4.Rt3352.\"}]",
      "id": "CVE-2024-4999",
      "lastModified": "2024-11-21T09:44:01.143",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"research@onekey.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"HIGH\", \"subsequentSystemIntegrity\": \"HIGH\", \"subsequentSystemAvailability\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NEGLIGIBLE\", \"automatable\": \"YES\", \"recovery\": \"USER\", \"valueDensity\": \"DIFFUSE\", \"vulnerabilityResponseEffort\": \"MODERATE\", \"providerUrgency\": \"AMBER\"}}]}",
      "published": "2024-05-16T13:15:48.357",
      "references": "[{\"url\": \"https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/\", \"source\": \"research@onekey.com\"}, {\"url\": \"https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "research@onekey.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"research@onekey.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    }
  }
}

