Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

CVE-2024-21638 (GCVE-0-2024-21638)

Vulnerability from cvelistv5 – Published: 2024-01-10 21:44 – Updated: 2025-06-03 14:27
VLAI
Title
Azure IPAM solution Elevation of Privilege Vulnerability
Summary
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Azure ipam Affected: < 3.0.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6"
          },
          {
            "name": "https://github.com/Azure/ipam/pull/218",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Azure/ipam/pull/218"
          },
          {
            "name": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:41:13.322757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:27:29.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ipam",
          "vendor": "Azure",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers\u0027 Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-10T21:44:23.080Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6"
        },
        {
          "name": "https://github.com/Azure/ipam/pull/218",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Azure/ipam/pull/218"
        },
        {
          "name": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f"
        }
      ],
      "source": {
        "advisory": "GHSA-m8mp-jq4c-g8j6",
        "discovery": "UNKNOWN"
      },
      "title": "Azure IPAM solution Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-21638",
    "datePublished": "2024-01-10T21:44:23.080Z",
    "dateReserved": "2023-12-29T03:00:44.957Z",
    "dateUpdated": "2025-06-03T14:27:29.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21622 (GCVE-0-2024-21622)

Vulnerability from cvelistv5 – Published: 2024-01-03 16:51 – Updated: 2025-04-17 18:35
VLAI
Title
Craft CMS Privilege Escalation
Summary
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
craftcms cms Affected: >= 4.0.0-RC1, < 4.5.11
Affected: >= 3.0.0, < 3.9.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx"
          },
          {
            "name": "https://github.com/craftcms/cms/pull/13931",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/pull/13931"
          },
          {
            "name": "https://github.com/craftcms/cms/pull/13932",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/pull/13932"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843"
          },
          {
            "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16"
          },
          {
            "name": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-08T17:11:55.447281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T18:35:24.623Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0-RC1, \u003c 4.5.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.9.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-03T16:51:25.704Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx"
        },
        {
          "name": "https://github.com/craftcms/cms/pull/13931",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/pull/13931"
        },
        {
          "name": "https://github.com/craftcms/cms/pull/13932",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/pull/13932"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843"
        },
        {
          "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16"
        },
        {
          "name": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16"
        }
      ],
      "source": {
        "advisory": "GHSA-j5g9-j7r4-6qvx",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-21622",
    "datePublished": "2024-01-03T16:51:25.704Z",
    "dateReserved": "2023-12-29T03:00:44.953Z",
    "dateUpdated": "2025-04-17T18:35:24.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21324 (GCVE-0-2024-21324)

Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39
VLAI
Title
Microsoft Defender for IoT Elevation of Privilege Vulnerability
Summary
Microsoft Defender for IoT Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Defender for IoT Affected: 22.0.0 , < 24.1.3 (custom)
Create a notification for this product.
Date Public
2024-04-09 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21324",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T17:33:15.475561Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T17:33:54.880Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:39.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Defender for IoT Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Defender for IoT",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "24.1.3",
              "status": "affected",
              "version": "22.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:defender_for_iot:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "24.1.3",
                  "versionStartIncluding": "22.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Defender for IoT Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T00:39:39.966Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Defender for IoT Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324"
        }
      ],
      "title": "Microsoft Defender for IoT Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21324",
    "datePublished": "2024-04-09T17:00:39.984Z",
    "dateReserved": "2023-12-08T22:45:19.368Z",
    "dateUpdated": "2025-05-03T00:39:39.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20374 (GCVE-0-2024-20374)

Vulnerability from cvelistv5 – Published: 2024-10-23 17:30 – Updated: 2024-10-26 03:55
VLAI
Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Firepower Management Center Affected: 6.7.0
Affected: 6.7.0.1
Affected: 6.7.0.2
Affected: 6.7.0.3
Affected: 7.0.0
Affected: 7.0.0.1
Affected: 7.0.1
Affected: 7.0.1.1
Affected: 7.0.2
Affected: 7.0.2.1
Affected: 7.0.3
Affected: 7.0.4
Affected: 7.0.5
Affected: 7.0.6
Affected: 7.0.6.1
Affected: 7.0.6.2
Affected: 7.1.0
Affected: 7.1.0.1
Affected: 7.1.0.2
Affected: 7.1.0.3
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.2.2
Affected: 7.2.0.1
Affected: 7.2.3
Affected: 7.2.3.1
Affected: 7.2.4
Affected: 7.2.4.1
Affected: 7.2.5
Affected: 7.2.5.1
Affected: 7.2.6
Affected: 7.2.7
Affected: 7.2.5.2
Affected: 7.2.8
Affected: 7.2.8.1
Affected: 7.3.0
Affected: 7.3.1
Affected: 7.3.1.1
Affected: 7.3.1.2
Affected: 7.4.0
Affected: 7.4.1
Affected: 7.4.1.1
Create a notification for this product.
cisco firepower_management_center Affected: 6.7.0 , ≤ 6.7.0.3 (custom)
Affected: 7.0.0 , ≤ 7.0.6.2 (custom)
Affected: 7.1.0 , ≤ 7.1.0.3 (custom)
Affected: 7.2.0 , ≤ 7.2.8.1 (custom)
Affected: 7.3.0 , ≤ 7.3.1.2 (custom)
Affected: 7.4.0 , ≤ 7.4.1.1 (custom)
    cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firepower_management_center",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "6.7.0.3",
                "status": "affected",
                "version": "6.7.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.6.2",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.1.0.3",
                "status": "affected",
                "version": "7.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.2.8.1",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.3.1.2",
                "status": "affected",
                "version": "7.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.4.1.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-26T03:55:32.499Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Management Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.7.0"
            },
            {
              "status": "affected",
              "version": "6.7.0.1"
            },
            {
              "status": "affected",
              "version": "6.7.0.2"
            },
            {
              "status": "affected",
              "version": "6.7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.0.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            },
            {
              "status": "affected",
              "version": "7.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.2"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.2.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.\r\n\r This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T17:30:06.650Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-fmc-cmd-inj-2HBkA97G",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-2HBkA97G"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fmc-cmd-inj-2HBkA97G",
        "defects": [
          "CSCwi78588"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20374",
    "datePublished": "2024-10-23T17:30:06.650Z",
    "dateReserved": "2023-11-08T15:08:07.654Z",
    "dateUpdated": "2024-10-26T03:55:32.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20282 (GCVE-0-2024-20282)

Vulnerability from cvelistv5 – Published: 2024-04-03 16:20 – Updated: 2024-08-27 13:39
VLAI
Summary
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Nexus Dashboard Affected: 1.1(0c)
Affected: 1.1(0d)
Affected: 1.1(2h)
Affected: 1.1(2i)
Affected: 1.1(3c)
Affected: 1.1(3d)
Affected: 1.1(3e)
Affected: 1.1(3f)
Affected: 2.0(1b)
Affected: 2.0(1d)
Affected: 2.0(2g)
Affected: 2.0(2h)
Affected: 2.1(1d)
Affected: 2.1(1e)
Affected: 2.1(2d)
Affected: 2.1(2f)
Affected: 2.2(1e)
Affected: 2.2(1h)
Affected: 2.2(2d)
Affected: 2.3(1c)
Affected: 2.3(2b)
Affected: 2.3(2c)
Affected: 2.3(2d)
Affected: 2.3(2e)
Affected: 3.0(1f)
Affected: 3.0(1i)
Create a notification for this product.
cisco nexus_dashboard Affected: 1.1(0c)
Affected: 1.1(0d)
Affected: 1.1(2h)
Affected: 1.1(2i)
Affected: 1.1(3c)
Affected: 1.1(3d)
Affected: 1.1(3e)
Affected: 1.1(3f)
Affected: 2.0(1b)
Affected: 2.0(1d)
Affected: 2.0(2g)
Affected: 2.0(2h)
Affected: 2.1(1d)
Affected: 2.1(1e)
Affected: 2.1(2d)
Affected: 2.1(2f)
Affected: 2.2(1e)
Affected: 2.2(1h)
Affected: 2.2(2d)
Affected: 2.3(1c)
Affected: 2.3(2b)
Affected: 2.3(2c)
Affected: 2.3(2d)
Affected: 2.3(2e)
Affected: 3.0(1f)
Affected: 3.0(1i)
    cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.778Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ndru-pesc-kZ2PQLZH",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nexus_dashboard",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "1.1(0c)"
              },
              {
                "status": "affected",
                "version": "1.1(0d)"
              },
              {
                "status": "affected",
                "version": "1.1(2h)"
              },
              {
                "status": "affected",
                "version": "1.1(2i)"
              },
              {
                "status": "affected",
                "version": "1.1(3c)"
              },
              {
                "status": "affected",
                "version": "1.1(3d)"
              },
              {
                "status": "affected",
                "version": "1.1(3e)"
              },
              {
                "status": "affected",
                "version": "1.1(3f)"
              },
              {
                "status": "affected",
                "version": "2.0(1b)"
              },
              {
                "status": "affected",
                "version": "2.0(1d)"
              },
              {
                "status": "affected",
                "version": "2.0(2g)"
              },
              {
                "status": "affected",
                "version": "2.0(2h)"
              },
              {
                "status": "affected",
                "version": "2.1(1d)"
              },
              {
                "status": "affected",
                "version": "2.1(1e)"
              },
              {
                "status": "affected",
                "version": "2.1(2d)"
              },
              {
                "status": "affected",
                "version": "2.1(2f)"
              },
              {
                "status": "affected",
                "version": "2.2(1e)"
              },
              {
                "status": "affected",
                "version": "2.2(1h)"
              },
              {
                "status": "affected",
                "version": "2.2(2d)"
              },
              {
                "status": "affected",
                "version": "2.3(1c)"
              },
              {
                "status": "affected",
                "version": "2.3(2b)"
              },
              {
                "status": "affected",
                "version": "2.3(2c)"
              },
              {
                "status": "affected",
                "version": "2.3(2d)"
              },
              {
                "status": "affected",
                "version": "2.3(2e)"
              },
              {
                "status": "affected",
                "version": "3.0(1f)"
              },
              {
                "status": "affected",
                "version": "3.0(1i)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20282",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T19:07:42.320022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T13:39:11.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Nexus Dashboard",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.1(0c)"
            },
            {
              "status": "affected",
              "version": "1.1(0d)"
            },
            {
              "status": "affected",
              "version": "1.1(2h)"
            },
            {
              "status": "affected",
              "version": "1.1(2i)"
            },
            {
              "status": "affected",
              "version": "1.1(3c)"
            },
            {
              "status": "affected",
              "version": "1.1(3d)"
            },
            {
              "status": "affected",
              "version": "1.1(3e)"
            },
            {
              "status": "affected",
              "version": "1.1(3f)"
            },
            {
              "status": "affected",
              "version": "2.0(1b)"
            },
            {
              "status": "affected",
              "version": "2.0(1d)"
            },
            {
              "status": "affected",
              "version": "2.0(2g)"
            },
            {
              "status": "affected",
              "version": "2.0(2h)"
            },
            {
              "status": "affected",
              "version": "2.1(1d)"
            },
            {
              "status": "affected",
              "version": "2.1(1e)"
            },
            {
              "status": "affected",
              "version": "2.1(2d)"
            },
            {
              "status": "affected",
              "version": "2.1(2f)"
            },
            {
              "status": "affected",
              "version": "2.2(1e)"
            },
            {
              "status": "affected",
              "version": "2.2(1h)"
            },
            {
              "status": "affected",
              "version": "2.2(2d)"
            },
            {
              "status": "affected",
              "version": "2.3(1c)"
            },
            {
              "status": "affected",
              "version": "2.3(2b)"
            },
            {
              "status": "affected",
              "version": "2.3(2c)"
            },
            {
              "status": "affected",
              "version": "2.3(2d)"
            },
            {
              "status": "affected",
              "version": "2.3(2e)"
            },
            {
              "status": "affected",
              "version": "3.0(1f)"
            },
            {
              "status": "affected",
              "version": "3.0(1i)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\r\n\r This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-03T16:20:33.850Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ndru-pesc-kZ2PQLZH",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ndru-pesc-kZ2PQLZH",
        "defects": [
          "CSCwh02726"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20282",
    "datePublished": "2024-04-03T16:20:33.850Z",
    "dateReserved": "2023-11-08T15:08:07.626Z",
    "dateUpdated": "2024-08-27T13:39:11.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20262 (GCVE-0-2024-20262)

Vulnerability from cvelistv5 – Published: 2024-03-13 16:46 – Updated: 2024-08-01 21:52
VLAI
Summary
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 5.2.0
Affected: 5.2.1
Affected: 5.2.2
Affected: 5.2.4
Affected: 5.2.3
Affected: 5.2.5
Affected: 5.2.47
Affected: 5.3.0
Affected: 5.3.1
Affected: 5.3.2
Affected: 5.3.3
Affected: 5.3.4
Affected: 6.0.0
Affected: 6.0.1
Affected: 6.0.2
Affected: 6.1.1
Affected: 6.1.2
Affected: 6.1.3
Affected: 6.1.4
Affected: 6.1.12
Affected: 6.1.22
Affected: 6.1.32
Affected: 6.1.36
Affected: 6.1.42
Affected: 6.2.1
Affected: 6.2.2
Affected: 6.2.3
Affected: 6.2.25
Affected: 6.2.11
Affected: 6.3.2
Affected: 6.3.3
Affected: 6.3.15
Affected: 6.4.1
Affected: 6.4.2
Affected: 6.4.3
Affected: 6.5.1
Affected: 6.5.2
Affected: 6.5.3
Affected: 6.5.25
Affected: 6.5.26
Affected: 6.5.28
Affected: 6.5.29
Affected: 6.5.32
Affected: 6.5.33
Affected: 6.6.2
Affected: 6.6.3
Affected: 6.6.25
Affected: 6.6.4
Affected: 7.0.1
Affected: 7.0.2
Affected: 7.0.12
Affected: 7.0.14
Affected: 7.1.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 6.7.4
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.2.2
Affected: 7.3.1
Affected: 7.3.15
Affected: 7.3.2
Affected: 7.3.3
Affected: 7.3.5
Affected: 7.4.1
Affected: 7.4.2
Affected: 7.5.1
Affected: 7.5.3
Affected: 7.5.2
Affected: 7.5.4
Affected: 7.5.5
Affected: 7.6.1
Affected: 7.6.2
Affected: 7.7.1
Affected: 7.7.2
Affected: 7.7.21
Affected: 7.8.1
Affected: 7.8.2
Affected: 7.9.1
Affected: 7.9.2
Affected: 7.10.1
Affected: 7.10.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20262",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-13T18:40:03.905095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:27.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-iosxr-scp-dos-kb6sUUHw",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.2.1"
            },
            {
              "status": "affected",
              "version": "5.2.2"
            },
            {
              "status": "affected",
              "version": "5.2.4"
            },
            {
              "status": "affected",
              "version": "5.2.3"
            },
            {
              "status": "affected",
              "version": "5.2.5"
            },
            {
              "status": "affected",
              "version": "5.2.47"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.3.1"
            },
            {
              "status": "affected",
              "version": "5.3.2"
            },
            {
              "status": "affected",
              "version": "5.3.3"
            },
            {
              "status": "affected",
              "version": "5.3.4"
            },
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.1.1"
            },
            {
              "status": "affected",
              "version": "6.1.2"
            },
            {
              "status": "affected",
              "version": "6.1.3"
            },
            {
              "status": "affected",
              "version": "6.1.4"
            },
            {
              "status": "affected",
              "version": "6.1.12"
            },
            {
              "status": "affected",
              "version": "6.1.22"
            },
            {
              "status": "affected",
              "version": "6.1.32"
            },
            {
              "status": "affected",
              "version": "6.1.36"
            },
            {
              "status": "affected",
              "version": "6.1.42"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.2"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.2.25"
            },
            {
              "status": "affected",
              "version": "6.2.11"
            },
            {
              "status": "affected",
              "version": "6.3.2"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "6.3.15"
            },
            {
              "status": "affected",
              "version": "6.4.1"
            },
            {
              "status": "affected",
              "version": "6.4.2"
            },
            {
              "status": "affected",
              "version": "6.4.3"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack.\r\n\r This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover.\r\n\r Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T16:46:45.467Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-scp-dos-kb6sUUHw",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-scp-dos-kb6sUUHw",
        "defects": [
          "CSCwf11720"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20262",
    "datePublished": "2024-03-13T16:46:45.467Z",
    "dateReserved": "2023-11-08T15:08:07.623Z",
    "dateUpdated": "2024-08-01T21:52:31.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20021 (GCVE-0-2024-20021)

Vulnerability from cvelistv5 – Published: 2024-05-06 02:52 – Updated: 2024-08-01 21:52
VLAI
Summary
In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MT6768, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8168, MT8183, MT8188, MT8188T, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8781, MT8786, MT8788, MT8788T, MT8788, MT8788X, MT8788Z, MT8792, MT8795T, MT8796, MT8798 Affected: Android 12.0, 13.0, 14.0
Create a notification for this product.
mediatek mt6853 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6873 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6885 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6893 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8168 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8183 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8188 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8188t Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8195 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8195z Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8362a Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8365 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8666 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8667 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8675 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8765 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8766 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8766z Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8766z:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8768a Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8768a:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8768b Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8768b:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8768z Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8768z:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8781 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8788 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8788t Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8788t:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8788z Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8788z:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8792 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8795t Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8798 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6768 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6781 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6785 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6833 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6877 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8321 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8666a Affected: Android 12.0 , ≤ Android 14.0 (git)
    cpe:2.3:h:mediatek:mt8666a:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8673 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8768 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8768t Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8768t:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8786 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8788x Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8788x:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8796 Affected: Android 12.0 , ≤ Android 14.0 (custom)
    cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6853",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6873",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6885",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6893",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8168",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8183",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8188",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8188t",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8195",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8195z",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8362a",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8365",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8666",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8667",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8675",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8765",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8766",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8766z:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8766z",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8768a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8768a",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8768b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8768b",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8768z:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8768z",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8781",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8788",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8788t:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8788t",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8788z:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8788z",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8792",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8795t",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8798",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6768",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6781",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6785",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6833",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6877",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8321",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8666a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8666a",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "git"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8673",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8768",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8768t:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8768t",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8786",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8788x:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8788x",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8796",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "Android 14.0",
                "status": "affected",
                "version": "Android 12.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-20021",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T15:52:43.868259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:13.269Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT6768, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8168, MT8183, MT8188, MT8188T, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8781, MT8786, MT8788, MT8788T, MT8788, MT8788X, MT8788Z, MT8792, MT8795T, MT8796, MT8798",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 12.0, 13.0, 14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-06T02:52:01.865Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2024-20021",
    "datePublished": "2024-05-06T02:52:01.865Z",
    "dateReserved": "2023-11-02T13:35:35.151Z",
    "dateUpdated": "2024-08-01T21:52:31.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-14009 (GCVE-0-2024-14009)

Vulnerability from cvelistv5 – Published: 2025-10-30 21:41 – Updated: 2025-11-17 18:21
VLAI
Title
Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile
Summary
Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and operations, an authenticated administrator could exploit this vulnerability to execute actions on the underlying XI host outside the application's security scope. Successful exploitation may allow an administrator to obtain root privileges on the XI server.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Nagios XI Unknown: 0 , < 2024R1.0.1 (custom)
Create a notification for this product.
Credits
Matthew Bach from Hack The Box Ltd
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-14009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-31T13:05:55.558415Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T13:24:39.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "System Profile component"
          ],
          "product": "XI",
          "vendor": "Nagios",
          "versions": [
            {
              "lessThan": "2024R1.0.1",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*",
                  "versionEndExcluding": "r1.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthew Bach from Hack The Box Ltd"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Nagios XI versions prior to\u0026nbsp;2024R1.0.1\u0026nbsp;contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and operations, an authenticated administrator could exploit this vulnerability to execute actions on the underlying XI host outside the application\u0027s security scope. Successful exploitation may allow an administrator to obtain root privileges on the XI server.\u003cbr\u003e"
            }
          ],
          "value": "Nagios XI versions prior to\u00a02024R1.0.1\u00a0contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and operations, an authenticated administrator could exploit this vulnerability to execute actions on the underlying XI host outside the application\u0027s security scope. Successful exploitation may allow an administrator to obtain root privileges on the XI server."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-17T18:21:50.296Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.nagios.com/products/security/#nagios-xi"
        },
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://www.nagios.com/changelog/nagios-xi/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-system-profile"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNagios addresses this vulnerability as \"\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe System Profile component is vulnerable to a privilege escalation attack\" and \"Fix an privilege escalation vulnerability in the System Profile component.\"\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Nagios addresses this vulnerability as \"The System Profile component is vulnerable to a privilege escalation attack\" and \"Fix an privilege escalation vulnerability in the System Profile component.\""
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Nagios XI \u003c 2024R1.0.1 Privilege Escalation via System Profile",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-14009",
    "datePublished": "2025-10-30T21:41:13.594Z",
    "dateReserved": "2025-10-22T19:20:51.768Z",
    "dateUpdated": "2025-11-17T18:21:50.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-14004 (GCVE-0-2024-14004)

Vulnerability from cvelistv5 – Published: 2025-10-30 21:40 – Updated: 2025-11-17 18:21
VLAI
Title
Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)
Summary
Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Nagios XI Unknown: 0 , < 2024R1.2 (custom)
Create a notification for this product.
Credits
Exodus Intelligence
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-14004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-31T13:05:57.004075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T13:24:45.744Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "NagVis configuration (nagvis.conf)"
          ],
          "product": "XI",
          "vendor": "Nagios",
          "versions": [
            {
              "lessThan": "2024R1.2",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*",
                  "versionEndExcluding": "r1.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Exodus Intelligence"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Nagios XI versions prior to 2024R1.2 contain\u0026nbsp;a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.\u003cbr\u003e"
            }
          ],
          "value": "Nagios XI versions prior to 2024R1.2 contain\u00a0a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-17T18:21:49.174Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.nagios.com/products/security/#nagios-xi"
        },
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://www.nagios.com/changelog/nagios-xi/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-nagvis-configuration"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNagios addresses this vulnerability as \"\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNagios XI was vulnerable to privilege escalation via nagvis.conf\" and \"\u003cspan style=\"background-color: rgb(244, 247, 251);\"\u003eFixed privilege escalation via nagvis.conf .\"\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Nagios addresses this vulnerability as \"Nagios XI was vulnerable to privilege escalation via nagvis.conf\" and \"Fixed privilege escalation via nagvis.conf .\""
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Nagios XI \u003c 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-14004",
    "datePublished": "2025-10-30T21:40:51.523Z",
    "dateReserved": "2025-10-22T18:42:07.873Z",
    "dateUpdated": "2025-11-17T18:21:49.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-13997 (GCVE-0-2024-13997)

Vulnerability from cvelistv5 – Published: 2025-11-03 21:55 – Updated: 2025-11-17 18:21
VLAI
Title
Nagios XI < 2024R1.1.3 Privilege Escalation via Migrate Server Feature to Root on Host
Summary
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Nagios XI Unknown: 0 , < 2024R1.1.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T15:05:09.210337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-05T15:05:14.977Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Migrate Server feature"
          ],
          "product": "XI",
          "vendor": "Nagios",
          "versions": [
            {
              "lessThan": "2024R1.1.3",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*",
                  "versionEndExcluding": "r1.1.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Nagios XI versions prior to\u0026nbsp;2024R1.1.3\u0026nbsp;contain a privilege escalation vulnerability in\u0026nbsp;which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.\u003cbr\u003e"
            }
          ],
          "value": "Nagios XI versions prior to\u00a02024R1.1.3\u00a0contain a privilege escalation vulnerability in\u00a0which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-17T18:21:47.934Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.nagios.com/products/security/#nagios-xi"
        },
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://www.nagios.com/changelog/nagios-xi/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNagios addresses this vulnerability as \"\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNagios XI was vulnerable to a privilege escalation wherein an administrator using the Migrate Server feature could become root on the XI server.\"\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Nagios addresses this vulnerability as \"Nagios XI was vulnerable to a privilege escalation wherein an administrator using the Migrate Server feature could become root on the XI server.\""
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Nagios XI \u003c 2024R1.1.3 Privilege Escalation via Migrate Server Feature to Root on Host",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-13997",
    "datePublished": "2025-11-03T21:55:48.197Z",
    "dateReserved": "2025-10-22T17:20:20.791Z",
    "dateUpdated": "2025-11-17T18:21:47.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.