CVE-2024-47254

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.4 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11

Configurations

Configuration 1 (hide)

cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-05 10:20

Updated : 2024-11-07 12:15

NVD link : CVE-2024-47254

Mitre link : CVE-2024-47254

CVE.ORG link : CVE-2024-47254

JSON object : View

Products Affected

2n

access_commander

CWE

CWE-345

Insufficient Verification of Data Authenticity

NVD-CWE-noinfo

{"id": "CVE-2024-47254", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "product-security@axis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-11-05T10:20:04.843", "references": [{"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11", "source": "product-security@axis.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "product-security@axis.com", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient \nVerification of Data Authenticity vulnerability could allow an attacker \nto escalate their privileges and gain root access to the system."}, {"lang": "es", "value": "En las versiones 3.1.1.2 y anteriores de 2N Access Commander, una vulnerabilidad de verificaci\u00f3n insuficiente de la autenticidad de los datos podr\u00eda permitir que un atacante aumente sus privilegios y obtenga acceso de root al sistema."}], "lastModified": "2024-11-07T12:15:24.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A7B866-FF8F-4CA9-A34C-78D361E21730", "versionEndIncluding": "3.1.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@axis.com"}