CVE-2024-43663

{"id": "CVE-2024-43663", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "AUTOMATIC", "baseScore": 5.3, "automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-01-09T08:15:29.810", "references": [{"url": "https://csirt.divd.nl/CVE-2024-43663/", "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2024-00035/", "source": "csirt@divd.nl"}, {"url": "https://iocharger.com", "source": "csirt@divd.nl"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.\n\nLikelihood: High \u2013 Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities.\n\nImpact: Low \u2013 Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect\u00a0 this vulnerability to have a safety impact. The attack can be automated (AU:Y)."}, {"lang": "es", "value": "Existen muchas vulnerabilidades de desbordamiento de b\u00fafer presentes en varios binarios CGI de la estaci\u00f3n de carga. Este problema afecta al firmware de Iocharger para cargadores de modelos de CA anteriores a la versi\u00f3n 24120701. Probabilidad: Alta: dada la prevalencia de estos desbordamientos de b\u00fafer y el claro mensaje de error del servidor web, es muy probable que un atacante pueda encontrar estas vulnerabilidades. Impacto: Bajo: por lo general, el desbordamiento de uno de estos b\u00faferes solo provoca un error de segmentaci\u00f3n del binario CGI, lo que hace que el servidor web devuelva un error 502 Bad Gateway. Sin embargo, el servidor web en s\u00ed no se ve afectado y no se puede lograr ning\u00fan ataque de denegaci\u00f3n de servicio. Abusar de estos desbordamientos de b\u00fafer de una manera significativa requiere un alto nivel de conocimientos t\u00e9cnicos, especialmente porque ASLR tambi\u00e9n parece estar habilitado en la estaci\u00f3n de carga. Sin embargo, un atacante experto podr\u00eda ser capaz de utilizar uno de estos desbordamientos de b\u00fafer para obtener la ejecuci\u00f3n remota de c\u00f3digo. Aclaraci\u00f3n de CVSS. El ataque se puede ejecutar a trav\u00e9s de cualquier conexi\u00f3n de red que la estaci\u00f3n est\u00e9 escuchando y que sirva a la interfaz web (AV:N), y no existen medidas de seguridad adicionales que se deban eludir (AC:L), el ataque no depende de condiciones previas (AT:N). El ataque requiere autenticaci\u00f3n, pero el nivel de autenticaci\u00f3n es irrelevante (PR:L), no requiere interacci\u00f3n del usuario (UI:N). El ataque tiene un peque\u00f1o impacto en la disponibilidad del dispositivo (VC:N/VI:N/VA:L). No hay impacto en los sistemas posteriores (SC:N/SI:N/SA:N). Si bien este dispositivo es un cargador de veh\u00edculos el\u00e9ctricos que gestiona cantidades significativas de energ\u00eda, no esperamos que esta vulnerabilidad tenga un impacto en la seguridad. El ataque se puede automatizar (AU:Y)."}], "lastModified": "2025-01-09T15:15:18.173", "sourceIdentifier": "csirt@divd.nl"}