Common Weakness Enumeration

CWE-77

Allowed-with-Review

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

5383 vulnerabilities reference this CWE, most recent first.

CVE-2024-10193 (GCVE-0-2024-10193)

Vulnerability from cvelistv5 – Published: 2024-10-20 07:31 – Updated: 2024-10-21 16:16
VLAI
Title
WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.280967 vdb-entrytechnical-description
https://vuldb.com/?ctiid.280967 signaturepermissions-required
https://vuldb.com/?submit.422811 third-party-advisory
https://docs.google.com/document/d/13XWnFITW31u5J… exploit
Impacted products
Vendor Product Version
WAVLINK WN530H4 Affected: 20221028
Create a notification for this product.
WAVLINK WN530HG4 Affected: 20221028
Create a notification for this product.
WAVLINK WN572HG3 Affected: 20221028
Create a notification for this product.
wavlink wn530h4_firmware Affected: 20220721
    cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*
Create a notification for this product.
wavlink wn530hg4_firmware Affected: 20220809
    cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*
Create a notification for this product.
wavlink wn572hg3_firmware Affected: 20221028
    cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Stellar Lab (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wn530h4_firmware",
            "vendor": "wavlink",
            "versions": [
              {
                "status": "affected",
                "version": "20220721"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wn530hg4_firmware",
            "vendor": "wavlink",
            "versions": [
              {
                "status": "affected",
                "version": "20220809"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wn572hg3_firmware",
            "vendor": "wavlink",
            "versions": [
              {
                "status": "affected",
                "version": "20221028"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10193",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T16:12:54.832624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:16:50.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WN530H4",
          "vendor": "WAVLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20221028"
            }
          ]
        },
        {
          "product": "WN530HG4",
          "vendor": "WAVLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20221028"
            }
          ]
        },
        {
          "product": "WN572HG3",
          "vendor": "WAVLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20221028"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Stellar Lab (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 gefunden. Dies betrifft die Funktion ping_ddns der Datei internet.cgi. Mittels dem Manipulieren des Arguments DDNS mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-20T07:31:05.305Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-280967 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.280967"
        },
        {
          "name": "VDB-280967 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.280967"
        },
        {
          "name": "Submit #422811 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.422811"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-19T09:41:15.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10193",
    "datePublished": "2024-10-20T07:31:05.305Z",
    "dateReserved": "2024-10-19T07:36:07.095Z",
    "dateUpdated": "2024-10-21T16:16:50.003Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10035 (GCVE-0-2024-10035)

Vulnerability from cvelistv5 – Published: 2024-11-04 11:48 – Updated: 2026-06-02 06:55 Unsupported When Assigned
VLAI
Title
Code Injection in BG-TEK's CoslatV3
Summary
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Vendor Product Version
BG-TEK Informatics Security Technologies CoslatV3 Affected: 0 , ≤ 3.1069 (custom)
Create a notification for this product.
bg-tek coslatv3_firmware Affected: 0 , ≤ 3.1069 (custom)
    cpe:2.3:o:bg-tek:coslatv3_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Efe OZEL Cemil Sefa OZCAN Omer YILMAZ Fordefence Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:bg-tek:coslatv3_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "coslatv3_firmware",
            "vendor": "bg-tek",
            "versions": [
              {
                "lessThanOrEqual": "3.1069",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10035",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-04T15:07:32.669713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T15:16:22.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "CoslatV3",
          "vendor": "BG-TEK Informatics Security Technologies",
          "versions": [
            {
              "lessThanOrEqual": "3.1069",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Efe OZEL"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Cemil Sefa OZCAN"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Omer YILMAZ"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "Fordefence Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027), Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027), Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation.\u003cp\u003eThis issue affects CoslatV3: through 3.1069.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\nNOTE: The vendor was contacted and it was learned that the product is not supported.\n\n\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027), Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027), Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation.\n\nThis issue affects CoslatV3: through 3.1069.\n\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T06:55:00.332Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1814"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1814"
        }
      ],
      "source": {
        "advisory": "TR-24-1814",
        "defect": [
          "TR-24-1814"
        ],
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "Code Injection in BG-TEK\u0027s CoslatV3",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-10035",
    "datePublished": "2024-11-04T11:48:53.789Z",
    "dateReserved": "2024-10-16T14:04:46.589Z",
    "dateUpdated": "2026-06-02T06:55:00.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-9793 (GCVE-0-2024-9793)

Vulnerability from cvelistv5 – Published: 2024-10-10 15:31 – Updated: 2024-10-10 17:46
VLAI
Title
Tenda AC1206 ate ate_ifconfig_set command injection
Summary
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Tenda AC1206 Affected: 15.03.06.0
Affected: 15.03.06.1
Affected: 15.03.06.2
Affected: 15.03.06.3
Affected: 15.03.06.4
Affected: 15.03.06.5
Affected: 15.03.06.6
Affected: 15.03.06.7
Affected: 15.03.06.8
Affected: 15.03.06.9
Affected: 15.03.06.10
Affected: 15.03.06.11
Affected: 15.03.06.12
Affected: 15.03.06.13
Affected: 15.03.06.14
Affected: 15.03.06.15
Affected: 15.03.06.16
Affected: 15.03.06.17
Affected: 15.03.06.18
Affected: 15.03.06.19
Affected: 15.03.06.20
Affected: 15.03.06.21
Affected: 15.03.06.22
Affected: 15.03.06.23
Create a notification for this product.
tenda ac1206_firmware Affected: 0 , ≤ 15.03.06.23 (custom)
    cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
ixout (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac1206_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "lessThanOrEqual": "15.03.06.23",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9793",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T16:09:15.570083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T17:46:05.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC1206",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.06.0"
            },
            {
              "status": "affected",
              "version": "15.03.06.1"
            },
            {
              "status": "affected",
              "version": "15.03.06.2"
            },
            {
              "status": "affected",
              "version": "15.03.06.3"
            },
            {
              "status": "affected",
              "version": "15.03.06.4"
            },
            {
              "status": "affected",
              "version": "15.03.06.5"
            },
            {
              "status": "affected",
              "version": "15.03.06.6"
            },
            {
              "status": "affected",
              "version": "15.03.06.7"
            },
            {
              "status": "affected",
              "version": "15.03.06.8"
            },
            {
              "status": "affected",
              "version": "15.03.06.9"
            },
            {
              "status": "affected",
              "version": "15.03.06.10"
            },
            {
              "status": "affected",
              "version": "15.03.06.11"
            },
            {
              "status": "affected",
              "version": "15.03.06.12"
            },
            {
              "status": "affected",
              "version": "15.03.06.13"
            },
            {
              "status": "affected",
              "version": "15.03.06.14"
            },
            {
              "status": "affected",
              "version": "15.03.06.15"
            },
            {
              "status": "affected",
              "version": "15.03.06.16"
            },
            {
              "status": "affected",
              "version": "15.03.06.17"
            },
            {
              "status": "affected",
              "version": "15.03.06.18"
            },
            {
              "status": "affected",
              "version": "15.03.06.19"
            },
            {
              "status": "affected",
              "version": "15.03.06.20"
            },
            {
              "status": "affected",
              "version": "15.03.06.21"
            },
            {
              "status": "affected",
              "version": "15.03.06.22"
            },
            {
              "status": "affected",
              "version": "15.03.06.23"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ixout (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ate_iwpriv_set/ate_ifconfig_set der Datei /goform/ate. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T15:31:06.625Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-279946 | Tenda AC1206 ate ate_ifconfig_set command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.279946"
        },
        {
          "name": "VDB-279946 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.279946"
        },
        {
          "name": "Submit #418061 | Tenda Router V15.03.06.23 and earlier Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.418061"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-10T09:28:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC1206 ate ate_ifconfig_set command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-9793",
    "datePublished": "2024-10-10T15:31:06.625Z",
    "dateReserved": "2024-10-10T07:23:14.015Z",
    "dateUpdated": "2024-10-10T17:46:05.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9773 (GCVE-0-2024-9773)

Vulnerability from cvelistv5 – Published: 2025-03-27 12:31 – Updated: 2025-03-27 13:07
VLAI
Title
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
Summary
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/498557 issue-trackingpermissions-required
https://hackerone.com/reports/2671808 technical-descriptionexploitpermissions-required
Impacted products
Vendor Product Version
GitLab GitLab Affected: 14.9 , < 17.8.6 (semver)
Affected: 17.9 , < 17.9.3 (semver)
Affected: 17.10 , < 17.10.1 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T13:07:31.748921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T13:07:40.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "17.8.6",
              "status": "affected",
              "version": "14.9",
              "versionType": "semver"
            },
            {
              "lessThan": "17.9.3",
              "status": "affected",
              "version": "17.9",
              "versionType": "semver"
            },
            {
              "lessThan": "17.10.1",
              "status": "affected",
              "version": "17.10",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-27T12:31:27.475Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #498557",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498557"
        },
        {
          "name": "HackerOne Bug Bounty Report #2671808",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/2671808"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 17.8.6, 17.9.3, 17.10.1 or above."
        }
      ],
      "title": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2024-9773",
    "datePublished": "2025-03-27T12:31:27.475Z",
    "dateReserved": "2024-10-09T21:01:41.384Z",
    "dateUpdated": "2025-03-27T13:07:40.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9579 (GCVE-0-2024-9579)

Vulnerability from cvelistv5 – Published: 2024-11-05 16:22 – Updated: 2024-11-05 19:32
VLAI
Title
Certain Poly Video Conference Devices – Potential Remote Code Execution
Summary
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
hp
Impacted products
Vendor Product Version
HP, Inc. Certain Poly Video Conference Devices Affected: See HP security bulletin reference for affected versions
Create a notification for this product.
poly tc8_firmware Affected: 0 , < 6.3.2 (custom)
    cpe:2.3:o:poly:tc8_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly tc10_firmware Affected: 0 , < 6.3.2 (custom)
    cpe:2.3:o:poly:tc10_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly g7500_firmware Affected: 0 , < 4.3.2 (custom)
    cpe:2.3:o:poly:g7500_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly studio_x30_firmware Affected: 0 , < 4.3.2 (custom)
    cpe:2.3:o:poly:studio_x30_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly studio_x50_firmware Affected: 0 , < 4.3.2 (custom)
    cpe:2.3:o:poly:studio_x50_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly studio_x70_firmware Affected: 0 , < 4.3.2 (custom)
    cpe:2.3:o:poly:studio_x70_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly studio_x52_firmware Affected: 0 , < 4.3.2 (custom)
    cpe:2.3:o:poly:studio_x52_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
poly studio_g62_firmware Affected: 0 , < 4.3.2 (custom)
    cpe:2.3:o:poly:studio_g62_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:poly:tc8_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tc8_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "6.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:tc10_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tc10_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "6.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:g7500_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "g7500_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "4.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:studio_x30_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "studio_x30_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "4.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:studio_x50_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "studio_x50_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "4.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:studio_x70_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "studio_x70_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "4.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:studio_x52_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "studio_x52_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "4.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:poly:studio_g62_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "studio_g62_firmware",
            "vendor": "poly",
            "versions": [
              {
                "lessThan": "4.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T19:13:45.885761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T19:32:25.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Certain Poly Video Conference Devices",
          "vendor": "HP, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See HP security bulletin reference for affected versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.\u003c/span\u003e"
            }
          ],
          "value": "A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T16:22:01.465Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "url": "https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900"
        }
      ],
      "source": {
        "advisory": "HPSBPY03900",
        "discovery": "UNKNOWN"
      },
      "title": "Certain Poly Video Conference Devices \u2013 Potential Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2024-9579",
    "datePublished": "2024-11-05T16:22:01.465Z",
    "dateReserved": "2024-10-07T13:24:15.881Z",
    "dateUpdated": "2024-11-05T19:32:25.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9380 (GCVE-0-2024-9380)

Vulnerability from cvelistv5 – Published: 2024-10-08 16:23 – Updated: 2025-10-21 22:55
VLAI
Summary
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Ivanti CSA (Cloud Services Appliance) Unaffected: 5.0.2 (custom)
Create a notification for this product.
ivanti endpoint_manager_cloud_services_appliance Affected: 0 , < 5.0.2 (custom)
    cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "endpoint_manager_cloud_services_appliance",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "5.0.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9380",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T13:49:29.865376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9380"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:43.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9380"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-10-09T00:00:00.000Z",
            "value": "CVE-2024-9380 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "CSA (Cloud Services Appliance)",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn OS command injection vulnerability in the admin web console of Ivanti CSA\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e before \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversion 5.0.2\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e allows a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eremote authenticated\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewith admin privileges \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eobtain remote code execution.\u003c/span\u003e"
            }
          ],
          "value": "An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T16:23:49.949Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2024-9380",
    "datePublished": "2024-10-08T16:23:49.949Z",
    "dateReserved": "2024-09-30T21:10:36.364Z",
    "dateUpdated": "2025-10-21T22:55:43.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9145 (GCVE-0-2024-9145)

Vulnerability from cvelistv5 – Published: 2024-10-01 07:23 – Updated: 2024-11-21 16:56
VLAI
Title
Local command injection in Wiz Code Visual Studio Code extension
Summary
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Wiz
Impacted products
Vendor Product Version
Wiz Wiz Code Visual Studio Code extension Affected: 1.0.0 , ≤ 1.5.3 (semver)
Affected: 0.13.0 , ≤ 0.17.8 (semver)
Create a notification for this product.
Date Public
2024-10-01 07:21
Credits
Rohit Kumar
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T13:46:52.078510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:56:55.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wiz Code Visual Studio Code extension",
          "vendor": "Wiz",
          "versions": [
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "0.17.8",
              "status": "affected",
              "version": "0.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rohit Kumar"
        }
      ],
      "datePublic": "2024-10-01T07:21:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eWiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a \"trusted folder\" within Visual Studio Code, and initiates a manual scan of the file.\u003c/span\u003e"
            }
          ],
          "value": "Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a \"trusted folder\" within Visual Studio Code, and initiates a manual scan of the file."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-01T07:49:49.613Z",
        "orgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
        "shortName": "Wiz"
      },
      "references": [
        {
          "url": "https://www.wiz.io/security-advisories"
        },
        {
          "url": "https://marketplace.visualstudio.com/items/WizCloud.wizcli-vscode/changelog"
        },
        {
          "url": "https://marketplace.visualstudio.com/items/WizCloud.wiz-vscode/changelog"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Local command injection in Wiz Code Visual Studio Code extension",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
    "assignerShortName": "Wiz",
    "cveId": "CVE-2024-9145",
    "datePublished": "2024-10-01T07:23:03.891Z",
    "dateReserved": "2024-09-24T09:58:45.182Z",
    "dateUpdated": "2024-11-21T16:56:55.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9076 (GCVE-0-2024-9076)

Vulnerability from cvelistv5 – Published: 2024-09-22 00:00 – Updated: 2024-11-28 06:08
VLAI
Title
DedeCMS article_string_mix.php os command injection
Summary
A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.278243 vdb-entrytechnical-description
https://vuldb.com/?ctiid.278243 signaturepermissions-required
https://vuldb.com/?submit.407461 third-party-advisory
https://gitee.com/hjjjx/dede_cms/blob/master/arti… broken-linkexploit
Impacted products
Vendor Product Version
n/a DedeCMS Affected: 5.7.115
dedecms dedecms Affected: 0 , ≤ 5.7.115 (custom)
    cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Kuinyoe (VulDB User) jiashenghe (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dedecms",
            "vendor": "dedecms",
            "versions": [
              {
                "lessThanOrEqual": "5.7.115",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T14:51:31.680849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-23T14:56:49.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DedeCMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.7.115"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Kuinyoe (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "jiashenghe (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in DedeCMS bis 5.7.115 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /dede/article_string_mix.php. Durch das Beeinflussen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-28T06:08:58.720Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-278243 | DedeCMS article_string_mix.php os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.278243"
        },
        {
          "name": "VDB-278243 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.278243"
        },
        {
          "name": "Submit #407461 | dedecms DedeCMS V5.7.115 rce",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.407461"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://gitee.com/hjjjx/dede_cms/blob/master/article_string_mix_rce.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-09-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-28T07:13:22.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "DedeCMS article_string_mix.php os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-9076",
    "datePublished": "2024-09-22T00:00:10.642Z",
    "dateReserved": "2024-09-21T08:02:12.789Z",
    "dateUpdated": "2024-11-28T06:08:58.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8640 (GCVE-0-2024-8640)

Vulnerability from cvelistv5 – Published: 2024-09-12 16:56 – Updated: 2024-09-13 14:13
VLAI
Title
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
Summary
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/486213 issue-trackingpermissions-required
https://hackerone.com/reports/2687770 technical-descriptionexploitpermissions-required
https://about.gitlab.com/releases/2024/09/11/patc…
Impacted products
Vendor Product Version
GitLab GitLab Affected: 16.11 , < 17.1.7 (semver)
Affected: 17.2 , < 17.2.5 (semver)
Affected: 17.3 , < 17.3.2 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T17:29:55.753120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:30:16.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-13T14:13:28.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "17.1.7",
              "status": "affected",
              "version": "16.11",
              "versionType": "semver"
            },
            {
              "lessThan": "17.2.5",
              "status": "affected",
              "version": "17.2",
              "versionType": "semver"
            },
            {
              "lessThan": "17.3.2",
              "status": "affected",
              "version": "17.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-12T16:56:23.356Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #486213",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486213"
        },
        {
          "name": "HackerOne Bug Bounty Report #2687770",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/2687770"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 17.1.7, 17.2.5 or 17.3.2"
        }
      ],
      "title": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2024-8640",
    "datePublished": "2024-09-12T16:56:23.356Z",
    "dateReserved": "2024-09-09T22:30:35.372Z",
    "dateUpdated": "2024-09-13T14:13:28.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8405 (GCVE-0-2024-8405)

Vulnerability from cvelistv5 – Published: 2024-09-26 01:36 – Updated: 2024-09-26 15:02
VLAI
Title
Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack
Summary
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
PaperCut PaperCut NG, PaperCut MF Affected: 0 , < 23.0.9 (custom)
Create a notification for this product.
Date Public
2024-09-26 01:35
Credits
Amol Dosanjh of Trend Micro
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T15:01:57.724249Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:02:10.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Web Print"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "PaperCut NG, PaperCut MF",
          "vendor": "PaperCut",
          "versions": [
            {
              "changes": [
                {
                  "at": "23.0.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "23.0.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Amol Dosanjh of Trend Micro"
        }
      ],
      "datePublic": "2024-09-26T01:35:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis specific flaw exists within the web-print.exe process, which can incorrectly create files that don\u2019t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eNote: \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis CVE has been split from CVE-2024-4712.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don\u2019t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.\n\nNote: \n\nThis CVE has been split from CVE-2024-4712."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125 Flooding"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T01:36:26.364Z",
        "orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
        "shortName": "PaperCut"
      },
      "references": [
        {
          "url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
    "assignerShortName": "PaperCut",
    "cveId": "CVE-2024-8405",
    "datePublished": "2024-09-26T01:36:26.364Z",
    "dateReserved": "2024-09-04T05:55:45.849Z",
    "dateUpdated": "2024-09-26T15:02:10.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

If at all possible, use library calls rather than external processes to recreate the desired functionality.

Mitigation
Implementation

If possible, ensure that all external commands called from the program are statically created.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Operation

Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.

Mitigation
System Configuration

Assign permissions that prevent the user from accessing/opening privileged files.

CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-183: IMAP/SMTP Command Injection

An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

CAPEC-248: Command Injection

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

CAPEC-40: Manipulating Writeable Terminal Devices

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.