ghsa-rw6c-wwr4-qgm6
Vulnerability from github
Published
2024-05-14 18:30
Modified
2024-05-14 18:30
Severity
6.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Details

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-27946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T16:16:33Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions \u003c V5.5). Downloading files overwrites files with the same name in the \ninstallation directory of the affected systems. The filename for \nthe target file can be specified, thus arbitrary files can be \noverwritten by an attacker with the required privileges.",
  "id": "GHSA-rw6c-wwr4-qgm6",
  "modified": "2024-05-14T18:30:59Z",
  "published": "2024-05-14T18:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27946"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.