github - ghsa-736m-p2gm-v4q7

GHSA-736M-P2GM-V4Q7

Vulnerability from github – Published: 2024-05-16 15:31 – Updated: 2024-05-16 15:31

Details

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-4999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T13:15:48Z",
    "severity": null
  },
  "details": "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u00a0attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.",
  "id": "GHSA-736m-p2gm-v4q7",
  "modified": "2024-05-16T15:31:37Z",
  "published": "2024-05-16T15:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4999"
    },
    {
      "type": "WEB",
      "url": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2024-4999 (GCVE-0-2024-4999)

Vulnerability from cvelistv5 – Published: 2024-05-16 12:14 – Updated: 2024-08-01 20:55

Summary

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Amber

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

ONEKEY

References

URL

Tags

https://onekey.com/blog/security-advisory-remote-…

third-party-advisory

Impacted products

Vendor

Product

Version

Ligowave

UNITY

Affected: 0 , ≤ 6.95-2 (semver)

Ligowave	PRO	Affected: 0 , ≤ 6.95-1.rt3883 (semver)
Ligowave	MIMO	Affected: 0 , ≤ 6.95-1.rt2880 (semver)
Ligowave	APC Propeller	Affected: 0 , ≤ 2-5.95-4.rt3352 (semver)

Credits

Quentin Kaiser from ONEKEY Research Labs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:ligowave:unity:6.95-2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unity",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "6.95-2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ligowave:pro:6.95-1.rt3883:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pro",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "6.95-1.rt3883"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ligowave:mimo:6.95-1.rt2880:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mimo",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "6.95-1.rt2880"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ligowave:apc_propeller:2-5.95-4.rt3352:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apc_propeller",
            "vendor": "ligowave",
            "versions": [
              {
                "status": "affected",
                "version": "2-5.95-4.rt3352"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4999",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T15:17:05.688626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:18.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UNITY",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "6.95-2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PRO",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "6.95-1.rt3883",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MIMO",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "6.95-1.rt2880",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "APC Propeller",
          "vendor": "Ligowave",
          "versions": [
            {
              "lessThanOrEqual": "2-5.95-4.rt3352",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Quentin Kaiser from ONEKEY Research Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u0026nbsp;attacker to execute arbitrary commands with elevated privileges.\u003cp\u003eThis issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u00a0attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T12:17:49.310Z",
        "orgId": "2d533b80-6e4a-4e20-93e2-171235122846",
        "shortName": "ONEKEY"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation."
            }
          ],
          "value": "This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846",
    "assignerShortName": "ONEKEY",
    "cveId": "CVE-2024-4999",
    "datePublished": "2024-05-16T12:14:51.671Z",
    "dateReserved": "2024-05-16T12:06:27.762Z",
    "dateUpdated": "2024-08-01T20:55:10.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-736M-P2GM-V4Q7

CVE-2024-4999 (GCVE-0-2024-4999)

Tags

Sightings

Nomenclature