9.8
CVE-2024-23618
- EPSS 0.27%
- Veröffentlicht 26.01.2024 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:58:01
- Quelle disclosures@exodusintel.com
- Teams Watchlist Login
- Unerledigt Login
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Commscope ≫ Arris Surfboard Sbg6950ac2 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.505 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosures@exodusintel.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| disclosures@exodusintel.com | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.