CVE-2024-3123

{"id": "CVE-2024-3123", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-07-01T05:15:04.973", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html", "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html", "source": "twcert@cert.org.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."}, {"lang": "es", "value": "CHANGING la funci\u00f3n de carga de Mobile One Time Password en una p\u00e1gina oculta no filtra el tipo de archivo correctamente. Los atacantes remotos con privilegios de administrador pueden aprovechar esta vulnerabilidad para cargar y ejecutar archivos maliciosos para ejecutar comandos del sistema."}], "lastModified": "2024-07-01T12:37:24.220", "sourceIdentifier": "twcert@cert.org.tw"}