Vulnerability-Lookup

GHSA-QCM6-WW7J-HM8X

Vulnerability from github – Published: 2024-06-13 18:31 – Updated: 2024-10-03 18:30

Details

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.

Severity

4.6 (Medium)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.1 (Medium)


                  
                    CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-38279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T17:15:51Z",
    "severity": "MODERATE"
  },
  "details": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.",
  "id": "GHSA-qcm6-ww7j-hm8x",
  "modified": "2024-10-03T18:30:35Z",
  "published": "2024-06-13T18:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38279"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2024-38279 (GCVE-0-2024-38279)

Vulnerability from cvelistv5 – Published: 2024-06-13 17:00 – Updated: 2024-08-02 04:04

Title

Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Summary

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.

Severity

5.1 (Medium)


                        
                          CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

icscert

References

1 reference

URL	Tags
https://www.cisa.gov/news-events/ics-advisories/i…	government-resource

Impacted products

2 products

Vendor	Product	Version
Motorola Solutions	Vigilant Fixed LPR Coms Box (BCAV1F2-C600)	Affected: 0 , ≤ 3.1.171.9 (custom)
motorolasolutions	vigilant_fixed_lpr_coms_box_bcav1f2_c600	Affected: 0 , ≤ 3.1.171.9 (custom) cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:::::::*

Credits

The Michigan State Police Michigan Cyber Command Center (MC3)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigilant_fixed_lpr_coms_box_bcav1f2_c600",
            "vendor": "motorolasolutions",
            "versions": [
              {
                "lessThanOrEqual": "3.1.171.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38279",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T18:21:36.318296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T18:30:17.758Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
          "vendor": "Motorola Solutions",
          "versions": [
            {
              "lessThanOrEqual": "3.1.171.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eThe affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.\u003c/p\u003e\u003cbr\u003e\n\n"
            }
          ],
          "value": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T17:00:20.515Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cbr\u003e\n\n\u003cp\u003eMotorola Solutions recommends the following for each identified vulnerability:\u003c/p\u003e\u003cp\u003eCVE-2024-38279:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUse secure boot implementation with an edit-resistant GRUB partition.\u003c/li\u003e\u003cli\u003eAdditional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\u003cbr\u003ewill release a secure boot implementation in Fall 2024. All customers will receive the update\u003cbr\u003ethrough OTA (over the air) mechanisms. No further actions are required by customers.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Motorola Solutions recommends the following for each identified vulnerability:\n\nCVE-2024-38279:\n\n  *  Use secure boot implementation with an edit-resistant GRUB partition.\n  *  Additional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\n\n\nEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\nwill release a secure boot implementation in Fall 2024. All customers will receive the update\nthrough OTA (over the air) mechanisms. No further actions are required by customers."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-38279",
    "datePublished": "2024-06-13T17:00:20.515Z",
    "dateReserved": "2024-06-12T16:16:09.648Z",
    "dateUpdated": "2024-08-02T04:04:25.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-QCM6-WW7J-HM8X

CVE-2024-38279 (GCVE-0-2024-38279)

Tags

Sightings

Nomenclature