CVE-2024-9441

CVE-2024-9441

Título es
CVE-2024-9441

Mié, 02/10/2024 – 19:15

Tipo
CWE-78

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-9441

Descripción en
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

02/10/2024
02/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

  • SSD Advisory – Nortek Linear eMerge E3 Pre-Auth RCE



  • https://vulncheck.com/advisories/linear-emerge-forgot-password

    • Enviar en el boletín
    Off

    CVE-2024-20519

    CVE-2024-20519

    Título es
    CVE-2024-20519

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20519

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20518

    CVE-2024-20518

    Título es
    CVE-2024-20518

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20518

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20517

    CVE-2024-20517

    Título es
    CVE-2024-20517

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20517

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20516

    CVE-2024-20516

    Título es
    CVE-2024-20516

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20516

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20524

    CVE-2024-20524

    Título es
    CVE-2024-20524

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20524

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20523

    CVE-2024-20523

    Título es
    CVE-2024-20523

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20523

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20522

    CVE-2024-20522

    Título es
    CVE-2024-20522

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20522

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20521

    CVE-2024-20521

    Título es
    CVE-2024-20521

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20521

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off

    CVE-2024-20520

    CVE-2024-20520

    Título es
    CVE-2024-20520

    Mié, 02/10/2024 – 17:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20520

    Descripción en
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
     
    This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

    02/10/2024
    02/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

    • Enviar en el boletín
    Off