8.8
CVE-2024-12700
- EPSS 0.58%
- Veröffentlicht 19.12.2024 23:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTibbo
≫
Produkt
AggreGate Network Manager
Default Statusunaffected
Version <=
6.34.02
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.428 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://aggregate.digital/downloads.html
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05