ghsa-rw6c-wwr4-qgm6
Vulnerability from github
Published
2024-05-14 18:30
Modified
2024-05-14 18:30
Severity
Details
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.
{ "affected": [], "aliases": [ "CVE-2024-27946" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-14T16:16:33Z", "severity": "MODERATE" }, "details": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions \u003c V5.5). Downloading files overwrites files with the same name in the \ninstallation directory of the affected systems. The filename for \nthe target file can be specified, thus arbitrary files can be \noverwritten by an attacker with the required privileges.", "id": "GHSA-rw6c-wwr4-qgm6", "modified": "2024-05-14T18:30:59Z", "published": "2024-05-14T18:30:59Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27946" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "type": "CVSS_V3" } ] }
Loading...