8.6
CVE-2024-21881
- EPSS 0.29%
- Published 12.08.2024 13:38:15
- Last modified 15.04.2026 00:35:42
- Source csirt@divd.nl
Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x
Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor: enphase
Product: envoy
Default status: unknown

| Version | Status |
|---|---|
| 4.x | affected |
| 5.x | affected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.202 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| csirt@divd.nl | 8.6 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:I/V:C/RE:H/U:X |

CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://csirt.divd.nl/DIVD-2024-00011
https://csirt.divd.nl/CVE-2024-21881
https://enphase.com/cybersecurity/advisories/ensa-2024-6