7.3
CVE-2024-21939
- EPSS 0.02%
- Veröffentlicht 12.11.2024 18:15:18
- Zuletzt bearbeitet 18.12.2024 18:59:15
- Quelle psirt@amd.com
- CVE-Watchlists
- Unerledigt
LoginIncorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amd ≫ Cloud Manageability Service Version < 2.0.0.232
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| psirt@amd.com | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.