CVE-2024-43652

{"id": "CVE-2024-43652", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"safety": "PRESENT", "version": "4.0", "recovery": "USER", "baseScore": 9.3, "automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-01-09T08:15:27.757", "references": [{"url": "https://csirt.divd.nl/CVE-2024-43652/", "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2024-00035/", "source": "csirt@divd.nl"}, {"url": "https://iocharger.com", "source": "csirt@divd.nl"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root\nThis issue affects Iocharger firmware for AC model chargers before version 24120701\n\nLikelihood: Moderate \u2013 The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete\nfiles and services."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando ('Inyecci\u00f3n de comando') permite la inyecci\u00f3n de comandos del sistema operativo como superusuario este problema afecta al firmware de Iocharger para cargadores de modelos AC anteriores a la versi\u00f3n 24120701 Probabilidad: Moderada: el binario no parece ser utilizado por la interfaz web, por lo que podr\u00eda ser m\u00e1s dif\u00edcil de encontrar. Sin embargo, parece ser en gran medida el mismo binario que utiliza la estaci\u00f3n de carga de pedestal Iocharger. El atacante tambi\u00e9n necesitar\u00e1 una cuenta (con poco nivel de privilegios) para obtener acceso al binario o convencer a un usuario con dicho acceso para que ejecute una solicitud HTTP manipulada. Impacto: Cr\u00edtico: el atacante tiene control total sobre la estaci\u00f3n de carga como usuario superusuario y puede agregar, modificar y eliminar archivos y servicios de forma arbitraria."}], "lastModified": "2025-01-09T15:15:16.410", "sourceIdentifier": "csirt@divd.nl"}