CVE-2024-47254

EPSS 0.11%
Veröffentlicht 05.11.2024 10:20:04
Zuletzt bearbeitet 04.09.2025 10:42:25
Quelle product-security@axis.com
Teams Watchlist Login
Unerledigt Login

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient 
Verification of Data Authenticity vulnerability could allow an attacker 
to escalate their privileges and gain root access to the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

2n ≫ Access Commander Version <= 3.1.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
product-security@axis.com	6.3	0.4	5.9	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-807 Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11

https://nvd.nist.gov/vuln/detail/CVE-2024-47254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47254

EUVD