Common Weakness Enumeration

CWE-77

Allowed-with-Review

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

5383 vulnerabilities reference this CWE, most recent first.

CVE-2024-3871 (GCVE-0-2024-3871)

Vulnerability from cvelistv5 – Published: 2024-04-16 08:12 – Updated: 2024-08-01 20:26
VLAI
Title
Authenticated Remote Command Injection in Delta Electronics DVW
Summary
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Deltra Electronics DVW-W02W2-E2 Affected: 0 , ≤ 2.5.2 (semver)
Create a notification for this product.
deltaww dvw-w02w2-e2_firmware Affected: 0 , ≤ 2.5.2 (semver)
    cpe:2.3:o:deltaww:dvw-w02w2-e2_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-26 06:00
Credits
Quentin Kaiser from ONEKEY Research Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:deltaww:dvw-w02w2-e2_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dvw-w02w2-e2_firmware",
            "vendor": "deltaww",
            "versions": [
              {
                "lessThanOrEqual": "2.5.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T15:27:07.361018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T15:28:54.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://onekey.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DVW-W02W2-E2",
          "vendor": "Deltra Electronics",
          "versions": [
            {
              "lessThanOrEqual": "2.5.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Quentin Kaiser from ONEKEY Research Labs"
        }
      ],
      "datePublic": "2024-04-26T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities.\u003cbr\u003e\u003cp\u003eSuccessful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with\u0026nbsp;elevated privileges on the affected devices.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects DVW-W02W2-E2 through version 2.5.2.\u003c/p\u003e"
            }
          ],
          "value": "The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities.\nSuccessful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with\u00a0elevated privileges on the affected devices.\n\nThis issue affects DVW-W02W2-E2 through version 2.5.2.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-17T10:47:18.687Z",
        "orgId": "2d533b80-6e4a-4e20-93e2-171235122846",
        "shortName": "ONEKEY"
      },
      "references": [
        {
          "url": "https://onekey.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSince DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no solution.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no solution.\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated Remote Command Injection in Delta Electronics DVW",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSince DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no workaround.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no workaround.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846",
    "assignerShortName": "ONEKEY",
    "cveId": "CVE-2024-3871",
    "datePublished": "2024-04-16T08:12:23.197Z",
    "dateReserved": "2024-04-16T08:01:45.912Z",
    "dateUpdated": "2024-08-01T20:26:57.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3483 (GCVE-0-2024-3483)

Vulnerability from cvelistv5 – Published: 2024-05-15 16:44 – Updated: 2024-08-01 20:12
VLAI
Title
Remote Code Execution vulnerability in the iManager
Summary
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0300 (rpm, exe)
Create a notification for this product.
microfocus imanager Affected: 3.0 , ≤ 3.2.6.0300 (custom)
    cpe:2.3:a:microfocus:imanager:3.0:-:*:*:*:*:*:*
Create a notification for this product.
Credits
Blaine Herro (Yahoo! Inc. VRT)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microfocus:imanager:3.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "imanager",
            "vendor": "microfocus",
            "versions": [
              {
                "lessThanOrEqual": "3.2.6.0300",
                "status": "affected",
                "version": "3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T17:28:49.519819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T16:33:37.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:07.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux",
            "64 bit"
          ],
          "product": "iManager",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThanOrEqual": "3.2.6.0300",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "rpm, exe"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Blaine Herro (Yahoo! Inc. VRT)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cstrong\u003eRemote Code\nExecution \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0200\u003c/strong\u003e\u003cstrong\u003e.\u0026nbsp;\u003cstrong\u003eThe vulnerability \u003c/strong\u003e\u003cstrong\u003ecan\ntrigger command injection and insecure deserialization issues.\u003c/strong\u003e\n\n\n\n\u003c/strong\u003e"
            }
          ],
          "value": "Remote Code\nExecution has been discovered in\nOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability can\ntrigger command injection and insecure deserialization issues.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-23",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-23 File Content Injection"
            }
          ]
        },
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T16:44:00.950Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution vulnerability in the iManager",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2024-3483",
    "datePublished": "2024-05-15T16:44:00.950Z",
    "dateReserved": "2024-04-08T19:19:49.290Z",
    "dateUpdated": "2024-08-01T20:12:07.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3400 (GCVE-0-2024-3400)

Vulnerability from cvelistv5 – Published: 2024-04-12 07:20 – Updated: 2025-10-21 23:05
VLAI
Title
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
Summary
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Palo Alto Networks PAN-OS Unaffected: 9.0.0
Unaffected: 9.1.0
Unaffected: 10.0.0
Unaffected: 10.1.0
Affected: 10.2.0 , < 10.2.9-h1 (custom)
Affected: 11.0.0 , < 11.0.4-h1 (custom)
Affected: 11.1.0 , < 11.1.2-h3 (custom)
Create a notification for this product.
Palo Alto Networks Cloud NGFW Unaffected: All
Create a notification for this product.
Palo Alto Networks Prisma Access Unaffected: All
Create a notification for this product.
paloaltonetworks pan-os Affected: 10.2.0 , < 10.2.9-h1 (custom)
    cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*
Create a notification for this product.
paloaltonetworks pan-os Affected: 11.0.0 , < 11.0.4-h1 (custom)
    cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*
Create a notification for this product.
paloaltonetworks pan-os Affected: 11.1.0 , < 11.1.2-h3 (custom)
    cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-12 06:55
Credits
Palo Alto Networks thanks Volexity for detecting and identifying this issue. Capability Development Group at Bishop Fox for helping us verify the fixes and improve threat prevention signatures.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "10.2.9-h1",
                "status": "affected",
                "version": "10.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.0.4-h1",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pan-os",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "11.1.2-h3",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3400",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-17T04:00:13.543064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-04-12",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:21.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-04-12T00:00:00.000Z",
            "value": "CVE-2024-3400 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:06.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-3400"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://unit42.paloaltonetworks.com/cve-2024-3400/"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "9.0.0"
            },
            {
              "status": "unaffected",
              "version": "9.1.0"
            },
            {
              "status": "unaffected",
              "version": "10.0.0"
            },
            {
              "status": "unaffected",
              "version": "10.1.0"
            },
            {
              "changes": [
                {
                  "at": "10.2.9-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.9-h1",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.0.4-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.4-h1",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.2-h3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.2-h3",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.\u003cbr\u003e\u003cbr\u003eYou can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network \u0026gt; GlobalProtect \u0026gt; Gateways or Network \u0026gt; GlobalProtect \u0026gt; Portals)."
            }
          ],
          "value": "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.\n\nYou can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network \u003e GlobalProtect \u003e Gateways or Network \u003e GlobalProtect \u003e Portals)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Volexity for detecting and identifying this issue."
        },
        {
          "lang": "en",
          "type": "remediation verifier",
          "value": "Capability Development Group at Bishop Fox for helping us verify the fixes and improve threat prevention signatures."
        }
      ],
      "datePublic": "2024-04-12T06:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\u003cbr\u003e\u003cbr\u003eCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability."
            }
          ],
          "value": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\u003cbr\u003e\u003cbr\u003eMore information about the vulnerability\u0027s exploitation in the wild can be found in the Unit 42 threat brief (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/cve-2024-3400/\"\u003ehttps://unit42.paloaltonetworks.com/cve-2024-3400/\u003c/a\u003e) and the Palo Alto Networks PSIRT blog post (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/)\"\u003ehttps://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/)\u003c/a\u003e."
            }
          ],
          "value": "Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\n\nMore information about the vulnerability\u0027s exploitation in the wild can be found in the Unit 42 threat brief ( https://unit42.paloaltonetworks.com/cve-2024-3400/ ) and the Palo Alto Networks PSIRT blog post ( https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/) ."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-19T22:27:27.179Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-3400"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://unit42.paloaltonetworks.com/cve-2024-3400/"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.\u003cbr\u003e\u003cbr\u003eThis issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Customers who upgrade to these versions will be fully protected."
            }
          ],
          "value": "We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.\n\nThis issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Customers who upgrade to these versions will be fully protected."
        }
      ],
      "source": {
        "defect": [
          "PAN-252214"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-12T06:55:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.\u003cbr\u003e\u003cbr\u003eTo apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003ehttps://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\u003c/a\u003e for more information."
            }
          ],
          "value": "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.\n\nTo apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see  https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184  for more information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-3400",
    "datePublished": "2024-04-12T07:20:00.707Z",
    "dateReserved": "2024-04-05T17:40:30.117Z",
    "dateUpdated": "2025-10-21T23:05:21.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3273 (GCVE-0-2024-3273)

Vulnerability from cvelistv5 – Published: 2024-04-04 01:00 – Updated: 2025-10-21 23:05 Unsupported When Assigned
VLAI
Title
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
D-Link DNS-320L Affected: 20240403
Create a notification for this product.
D-Link DNS-325 Affected: 20240403
Create a notification for this product.
D-Link DNS-327L Affected: 20240403
Create a notification for this product.
D-Link DNS-340L Affected: 20240403
Create a notification for this product.
dlink dns-320l_firmware Affected: 20240403
    cpe:2.3:a:dlink:dns-320l_firmware:20240403:*:*:*:*:*:*:*
Create a notification for this product.
dlink dns-325_firmware Affected: 20240403
    cpe:2.3:a:dlink:dns-325_firmware:20240403:*:*:*:*:*:*:*
Create a notification for this product.
dlink dns-327l_firmware Affected: 20240403
    cpe:2.3:a:dlink:dns-327l_firmware:20240403:*:*:*:*:*:*:*
Create a notification for this product.
dlink dns-340l_firmware Affected: 20240403
    cpe:2.3:a:dlink:dns-340l_firmware:20240403:*:*:*:*:*:*:*
Create a notification for this product.
Credits
netsecfish netsecfish (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:dlink:dns-320l_firmware:20240403:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dns-320l_firmware",
            "vendor": "dlink",
            "versions": [
              {
                "status": "affected",
                "version": "20240403"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dlink:dns-325_firmware:20240403:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dns-325_firmware",
            "vendor": "dlink",
            "versions": [
              {
                "status": "affected",
                "version": "20240403"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dlink:dns-327l_firmware:20240403:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dns-327l_firmware",
            "vendor": "dlink",
            "versions": [
              {
                "status": "affected",
                "version": "20240403"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dlink:dns-340l_firmware:20240403:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dns-340l_firmware",
            "vendor": "dlink",
            "versions": [
              {
                "status": "affected",
                "version": "20240403"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3273",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T04:00:37.894213Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-04-11",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3273"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:22.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://www.greynoise.io/blog/cve-2024-3273-d-link-nas-rce-exploited-in-the-wild"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3273"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-04-11T00:00:00.000Z",
            "value": "CVE-2024-3273 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:08.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-259284 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.259284"
          },
          {
            "name": "VDB-259284 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.259284"
          },
          {
            "name": "Submit #304661 | D-LINK  DNS-340L, DNS-320L, DNS-327L, DNS-325 Version 1.11, Version 1.00.0409.2013, Version 1.09, Version 1.08, Version 1.03.0904.2013, Version 1.01 Command Injection, Backdoor Account",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.304661"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/netsecfish/dlink"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP GET Request Handler"
          ],
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240403"
            }
          ]
        },
        {
          "modules": [
            "HTTP GET Request Handler"
          ],
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240403"
            }
          ]
        },
        {
          "modules": [
            "HTTP GET Request Handler"
          ],
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240403"
            }
          ]
        },
        {
          "modules": [
            "HTTP GET Request Handler"
          ],
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240403"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "netsecfish"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "netsecfish (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L bis 20240403 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/nas_sharing.cgi der Komponente HTTP GET Request Handler. Durch die Manipulation des Arguments system mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-11T09:43:52.051Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-259284 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.259284"
        },
        {
          "name": "VDB-259284 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.259284"
        },
        {
          "name": "Submit #304661 | D-LINK  DNS-340L, DNS-320L, DNS-327L, DNS-325 Version 1.11, Version 1.00.0409.2013, Version 1.09, Version 1.08, Version 1.03.0904.2013, Version 1.01 Command Injection, Backdoor Account",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.304661"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/netsecfish/dlink"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-03T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-04-03T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-04-11T11:48:46.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-3273",
    "datePublished": "2024-04-04T01:00:06.842Z",
    "dateReserved": "2024-04-03T18:21:32.401Z",
    "dateUpdated": "2025-10-21T23:05:22.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3271 (GCVE-0-2024-3271)

Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 20:05
VLAI
Title
Command Injection in run-llama/llama_index
Summary
A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
run-llama run-llama/llama_index Affected: unspecified , < 10.26 (custom)
Create a notification for this product.
run-llama llama_index Affected: *
    cpe:2.3:a:run-llama:llama_index:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:run-llama:llama_index:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "llama_index",
            "vendor": "run-llama",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3271",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T19:12:23.200432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:31:15.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:08.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/9b32490e-7cf9-470e-8d49-ba083ae7a279"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "run-llama/llama_index",
          "vendor": "run-llama",
          "versions": [
            {
              "lessThan": "10.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77  Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-16T11:10:35.662Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/9b32490e-7cf9-470e-8d49-ba083ae7a279"
        },
        {
          "url": "https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475"
        }
      ],
      "source": {
        "advisory": "9b32490e-7cf9-470e-8d49-ba083ae7a279",
        "discovery": "EXTERNAL"
      },
      "title": "Command Injection in run-llama/llama_index"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-3271",
    "datePublished": "2024-04-16T00:00:15.108Z",
    "dateReserved": "2024-04-03T18:18:31.188Z",
    "dateUpdated": "2024-08-01T20:05:08.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3154 (GCVE-0-2024-3154)

Vulnerability from cvelistv5 – Published: 2024-04-26 03:12 – Updated: 2025-11-20 07:17
VLAI
Title
Cri-o: arbitrary command injection via pod annotation
Summary
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Affected: 1.27.5 (semver)
Unaffected: 1.27.6 (semver)
Affected: 1.28.5 (semver)
Unaffected: 1.28.6 (semver)
Affected: 1.29.3 (semver)
Unaffected: 1.29.4 (semver)
Unaffected: 1.30.0 (semver)
Red Hat Red Hat OpenShift Container Platform 4.12 Unaffected: 0:1.25.5-16.2.rhaos4.12.gitcb09013.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.12::el8
    cpe:/a:redhat:openshift:4.12::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: 0:1.26.5-16.2.rhaos4.13.git67e2a9d.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el9
    cpe:/a:redhat:openshift:4.13::el8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: 0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el8
    cpe:/a:redhat:openshift:4.14::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: 0:1.28.6-2.rhaos4.15.git77bbb1c.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
Create a notification for this product.
Date Public
2024-04-22 16:00
Credits
Red Hat would like to thank Akihiro Suda and Cédric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-26T17:14:54.871751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:31:24.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:07.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2669"
          },
          {
            "name": "RHSA-2024:2672",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2672"
          },
          {
            "name": "RHSA-2024:2784",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2784"
          },
          {
            "name": "RHSA-2024:3496",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3496"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-3154"
          },
          {
            "name": "RHBZ#2272532",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/pull/4217"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/cri-o/cri-o",
          "defaultStatus": "unaffected",
          "packageName": "cri-o",
          "versions": [
            {
              "status": "affected",
              "version": "1.27.5",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.27.6",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.28.5",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.28.6",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.29.3",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.29.4",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.30.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.12::el8",
            "cpe:/a:redhat:openshift:4.12::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.25.5-16.2.rhaos4.12.gitcb09013.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9",
            "cpe:/a:redhat:openshift:4.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.26.5-16.2.rhaos4.13.git67e2a9d.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el8",
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.28.6-2.rhaos4.15.git77bbb1c.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:3.11"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cri-o",
          "product": "Red Hat OpenShift Container Platform 3.11",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Akihiro Suda and C\u00e9dric Clerget for reporting this issue. Upstream acknowledges the CRI-O team as the original reporter."
        }
      ],
      "datePublic": "2024-04-22T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T07:17:45.415Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2669"
        },
        {
          "name": "RHSA-2024:2672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2672"
        },
        {
          "name": "RHSA-2024:2784",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2784"
        },
        {
          "name": "RHSA-2024:3496",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3496"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-3154"
        },
        {
          "name": "RHBZ#2272532",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272532"
        },
        {
          "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"
        },
        {
          "url": "https://github.com/opencontainers/runc/pull/4217"
        },
        {
          "url": "https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-01T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-22T16:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Cri-o: arbitrary command injection via pod annotation",
      "x_redhatCweChain": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-3154",
    "datePublished": "2024-04-26T03:12:38.036Z",
    "dateReserved": "2024-04-01T19:43:56.801Z",
    "dateUpdated": "2025-11-20T07:17:45.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-3009 (GCVE-0-2024-3009)

Vulnerability from cvelistv5 – Published: 2024-03-27 23:31 – Updated: 2024-08-27 20:18
VLAI
Title
Tenda FH1205 WriteFacMac formWriteFacMac command injection
Summary
A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.258295 vdb-entrytechnical-description
https://vuldb.com/?ctiid.258295 signaturepermissions-required
https://vuldb.com/?submit.301488 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda FH1205 Affected: 2.0.0.7(775)
Create a notification for this product.
tenda fh1205_firmware Affected: 2.0.0.7\(775\)
    cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\(775\):*:*:*:*:*:*:*
Create a notification for this product.
Credits
wxhwxhwxh_mie (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-258295 | Tenda FH1205 WriteFacMac formWriteFacMac command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.258295"
          },
          {
            "name": "VDB-258295 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.258295"
          },
          {
            "name": "Submit #301488 | Tenda FH1205 V2.0.0.7(775) command injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.301488"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWriteFacMac.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fh1205_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.0.7\\(775\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3009",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T18:30:14.178695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T20:18:48.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FH1205",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0.7(775)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_mie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda FH1205 2.0.0.7(775) wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T23:31:03.733Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-258295 | Tenda FH1205 WriteFacMac formWriteFacMac command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.258295"
        },
        {
          "name": "VDB-258295 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.258295"
        },
        {
          "name": "Submit #301488 | Tenda FH1205 V2.0.0.7(775) command injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.301488"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWriteFacMac.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-27T15:21:05.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda FH1205 WriteFacMac formWriteFacMac command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-3009",
    "datePublished": "2024-03-27T23:31:03.733Z",
    "dateReserved": "2024-03-27T14:15:28.641Z",
    "dateUpdated": "2024-08-27T20:18:48.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2991 (GCVE-0-2024-2991)

Vulnerability from cvelistv5 – Published: 2024-03-27 18:31 – Updated: 2024-08-12 14:35
VLAI
Title
Tenda FH1203 WriteFacMac formWriteFacMac command injection
Summary
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.258160 vdb-entrytechnical-description
https://vuldb.com/?ctiid.258160 signaturepermissions-required
https://vuldb.com/?submit.301366 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda FH1203 Affected: 2.0.1.6
Create a notification for this product.
tenda fh1203_firmware Affected: 2.0.1.6
    cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*
Create a notification for this product.
Credits
wxhwxhwxh_tu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-258160 | Tenda FH1203 WriteFacMac formWriteFacMac command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.258160"
          },
          {
            "name": "VDB-258160 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.258160"
          },
          {
            "name": "Submit #301366 | Tenda FH1203 V2.0.1.6 command injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.301366"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWriteFacMac.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fh1203_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.1.6"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2991",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-12T14:34:23.405961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T14:35:32.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FH1203",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.1.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda FH1203 2.0.1.6 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Dank Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T18:31:06.019Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-258160 | Tenda FH1203 WriteFacMac formWriteFacMac command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.258160"
        },
        {
          "name": "VDB-258160 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.258160"
        },
        {
          "name": "Submit #301366 | Tenda FH1203 V2.0.1.6 command injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.301366"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWriteFacMac.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-27T08:10:35.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda FH1203 WriteFacMac formWriteFacMac command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2991",
    "datePublished": "2024-03-27T18:31:06.019Z",
    "dateReserved": "2024-03-27T07:04:41.945Z",
    "dateUpdated": "2024-08-12T14:35:32.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2982 (GCVE-0-2024-2982)

Vulnerability from cvelistv5 – Published: 2024-03-27 15:31 – Updated: 2024-08-12 15:41
VLAI
Title
Tenda FH1202 WriteFacMac formWriteFacMac command injection
Summary
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.258151 vdb-entrytechnical-description
https://vuldb.com/?ctiid.258151 signaturepermissions-required
https://vuldb.com/?submit.301273 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda FH1202 Affected: 1.2.0.14(408)
Create a notification for this product.
tenda fh1202_firmware Affected: 1.2.0.14\(408\)
    cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:*
Create a notification for this product.
Credits
wxhwxhwxh_tutu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-258151 | Tenda FH1202 WriteFacMac formWriteFacMac command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.258151"
          },
          {
            "name": "VDB-258151 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.258151"
          },
          {
            "name": "Submit #301273 | Tenda FH1202 V1.2.0.14(408) command injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.301273"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fh1202_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.0.14\\(408\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2982",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-08T20:43:46.428960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T15:41:53.306Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FH1202",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0.14(408)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_tutu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.2,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T15:31:03.713Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-258151 | Tenda FH1202 WriteFacMac formWriteFacMac command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.258151"
        },
        {
          "name": "VDB-258151 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.258151"
        },
        {
          "name": "Submit #301273 | Tenda FH1202 V1.2.0.14(408) command injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.301273"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-27T08:10:19.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda FH1202 WriteFacMac formWriteFacMac command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2982",
    "datePublished": "2024-03-27T15:31:03.713Z",
    "dateReserved": "2024-03-27T07:04:11.196Z",
    "dateUpdated": "2024-08-12T15:41:53.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2947 (GCVE-0-2024-2947)

Vulnerability from cvelistv5 – Published: 2024-03-28 18:31 – Updated: 2025-11-20 19:07
VLAI
Title
Cockpit: command injection when deleting a sosreport with a crafted name
Summary
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
Affected: 270 , < * (semver)
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:310.4-1.el8_10 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:311.2-1.el9_4 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Date Public
2024-03-27 00:00
Credits
Red Hat would like to thank xcuter (NAVER Cloud Security Analysis) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T17:32:00.346165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:32:13.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:3667",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3667"
          },
          {
            "name": "RHSA-2024:3843",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3843"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-2947"
          },
          {
            "name": "RHBZ#2271614",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271614"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNG7GXOZI6QH3OIQJYAYDB3CRRGH37Q5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3Q5SDIFACAY4VHACN5MMCMT3A53A3FB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQY2HGDJW2JY27ALTS4GEVZZJJ4XQ36/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/cockpit-project/cockpit/",
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "270",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:310.4-1.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:311.2-1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:311.2-1.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank xcuter (NAVER Cloud Security Analysis) for reporting this issue."
        }
      ],
      "datePublic": "2024-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T19:07:19.457Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:3667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3667"
        },
        {
          "name": "RHSA-2024:3843",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3843"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-2947"
        },
        {
          "name": "RHBZ#2271614",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271614"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-22T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-03-27T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Cockpit: command injection when deleting a sosreport with a crafted name",
      "workarounds": [
        {
          "lang": "en",
          "value": "Do not remove SOS reports with strange names from the Cockpit web interface."
        }
      ],
      "x_redhatCweChain": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-2947",
    "datePublished": "2024-03-28T18:31:59.249Z",
    "dateReserved": "2024-03-26T16:48:38.370Z",
    "dateUpdated": "2025-11-20T19:07:19.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

If at all possible, use library calls rather than external processes to recreate the desired functionality.

Mitigation
Implementation

If possible, ensure that all external commands called from the program are statically created.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Operation

Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.

Mitigation
System Configuration

Assign permissions that prevent the user from accessing/opening privileged files.

CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-183: IMAP/SMTP Command Injection

An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

CAPEC-248: Command Injection

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

CAPEC-40: Manipulating Writeable Terminal Devices

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.