Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Game Extension Engine by vivo

    CVE-2024-46939 (GCVE-0-2024-46939)

    Vulnerability from nvd – Published: 2024-11-28 03:26 – Updated: 2024-12-02 11:19
    VLAI
    Title
    Game Extension Engine Path Traversal Vulnerability
    Summary
    The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    Impacted products
    Vendor Product Version
    vivo Game Extension Engine Affected: versions below 1.2.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T11:17:13.728354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T11:19:36.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Game Extension Engine",
              "vendor": "vivo",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions below 1.2.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u0026nbsp;local specific files\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u00a0local specific files"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-186",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-186 Malicious Software Update"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:N/R:A/V:D",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-28T03:26:28.929Z",
            "orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
            "shortName": "Vivo"
          },
          "references": [
            {
              "url": "https://www.vivo.com/en/support/security-advisory-detail?id=13"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Game Extension Engine Path Traversal Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
        "assignerShortName": "Vivo",
        "cveId": "CVE-2024-46939",
        "datePublished": "2024-11-28T03:26:28.929Z",
        "dateReserved": "2024-09-15T22:07:33.094Z",
        "dateUpdated": "2024-12-02T11:19:36.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-46939 (GCVE-0-2024-46939)

    Vulnerability from cvelistv5 – Published: 2024-11-28 03:26 – Updated: 2024-12-02 11:19
    VLAI
    Title
    Game Extension Engine Path Traversal Vulnerability
    Summary
    The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    Impacted products
    Vendor Product Version
    vivo Game Extension Engine Affected: versions below 1.2.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T11:17:13.728354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T11:19:36.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Game Extension Engine",
              "vendor": "vivo",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions below 1.2.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u0026nbsp;local specific files\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u00a0local specific files"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-186",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-186 Malicious Software Update"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:N/R:A/V:D",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-28T03:26:28.929Z",
            "orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
            "shortName": "Vivo"
          },
          "references": [
            {
              "url": "https://www.vivo.com/en/support/security-advisory-detail?id=13"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Game Extension Engine Path Traversal Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
        "assignerShortName": "Vivo",
        "cveId": "CVE-2024-46939",
        "datePublished": "2024-11-28T03:26:28.929Z",
        "dateReserved": "2024-09-15T22:07:33.094Z",
        "dateUpdated": "2024-12-02T11:19:36.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }