CVE-2024-0949

{"id": "CVE-2024-0949", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-06-27T10:15:13.013", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0808", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-1390"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-732"}, {"lang": "en", "value": "CWE-862"}, {"lang": "en", "value": "CWE-863"}, {"lang": "en", "value": "CWE-923"}]}], "descriptions": [{"lang": "en", "value": "Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68."}, {"lang": "es", "value": "Vulnerabilidades de control de acceso inadecuado, autorizaci\u00f3n faltante, autorizaci\u00f3n incorrecta, asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos, autenticaci\u00f3n faltante, autenticaci\u00f3n d\u00e9bil, restricci\u00f3n inadecuada del canal de comunicaci\u00f3n a los endpoint previstos en Talya Informatics Elektraweb permiten explotar niveles de seguridad de control de acceso configurados incorrectamente, manipular la entrada web a las Llamadas al sistema de archivos, incrustaci\u00f3n de scripts dentro de scripts, inserci\u00f3n de l\u00f3gica maliciosa, modificaci\u00f3n de la configuraci\u00f3n del servicio de Windows, certificado ra\u00edz malicioso, intento de falsificaci\u00f3n , exposici\u00f3n de WebView, datos inyectados durante la configuraci\u00f3n, eliminaci\u00f3n incompleta de datos en un entorno multi tenant, instalaci\u00f3n de un nuevo servicio, modificaci\u00f3n de un servicio existente , Instalar Rootkit, Reemplazar controladores de extensi\u00f3n de archivos, Reemplazar ejecutable confiable, Modificar archivo compartido, Agregar archivo malicioso a Webroot compartido, Ejecutar software al iniciar sesi\u00f3n, Deshabilitar software de seguridad. Este problema afecta a Elektraweb: anterior a v17.0.68."}], "lastModified": "2024-06-27T12:47:19.847", "sourceIdentifier": "iletisim@usom.gov.tr"}