CVE-2024-38279

EPSS 0.02%
Published 13.06.2024 17:15:51
Last modified 21.11.2024 09:25:15
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Motorola ≫ Vigilant Fixed Lpr Coms Box Firmware Version <= 3.1.171.9

Motorola ≫ Vigilant Fixed Lpr Coms Box Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	5.1	0	0	CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-38279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38279

EUVD