8.8
CVE-2024-22062
- EPSS 0.04%
- Veröffentlicht 09.07.2024 07:15:03
- Zuletzt bearbeitet 28.01.2025 15:29:07
- Quelle psirt@zte.com.cn
- CVE-Watchlists
- Unerledigt
LoginThere is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zte ≫ Zxcloud Irai Version < 7.23.40
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.108 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| psirt@zte.com.cn | 6.3 | 0.5 | 5.3 |
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.