CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html
https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html
https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html

Configurations

No configuration.

History

08 Apr 2025, 05:15

Type	Values Removed	Values Added
References		() https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html - () https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html -
Summary	(en) Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.	(en) Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Information

Published : 2024-05-31 06:15

Updated : 2025-04-08 05:15

NVD link : CVE-2024-36246

Mitre link : CVE-2024-36246

CVE.ORG link : CVE-2024-36246

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-36246", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-05-31T06:15:12.407", "references": [{"url": "https://jvn.jp/en/jp/JVN17680667/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN17680667/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted."}, {"lang": "es", "value": "Existe una vulnerabilidad de autorizaci\u00f3n faltante en Unifier y Unifier Cast versi\u00f3n 5.0 o posterior, y el parche \"20240527\" no se aplic\u00f3. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos."}], "lastModified": "2025-04-08T05:15:37.590", "sourceIdentifier": "vultures@jpcert.or.jp"}