CVE-2024-31843

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31843
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.gruppotim.it/it/footer/red-team.html
Configurations

No configuration.

History

No history.

Information

Published : 2024-05-23 19:16

Updated : 2024-07-03 01:55

NVD link : CVE-2024-31843

Mitre link : CVE-2024-31843

CVE.ORG link : CVE-2024-31843

JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')