1. EXECUTIVE SUMMARY
- CVSS v3.1 7.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: 2N
- Equipment: Access Commander
- Vulnerabilities: Path Traversal, Insufficient Verification of Data Authenticity
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges, execute arbitrary code, or gain root access to the system.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of 2N Access Commander, an IP access control system, are affected:
- Access Commander: versions 3.1.1.2 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker to write files on the filesystem to achieve arbitrary remote code execution.
CVE-2024-47253 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
3.2.2 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.
CVE-2024-47254 has been assigned to this vulnerability. A CVSS v3
[…]