CVE-2024-45271

Improper Input Validation (CWE-20)

Published: Oct 15, 2024 / Updated: 35d ago

010
CVSS 7.8EPSS 0.05%High
CVE info copied to clipboard

Summary

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.

Impact

This vulnerability allows a local attacker to escalate privileges to admin level without requiring authentication. The attacker can exploit this by deploying a maliciously crafted config file, taking advantage of improper input validation. This can lead to complete compromise of the system's confidentiality, integrity, and availability. The CVSS base score of 8.4 (High) indicates a severe vulnerability that requires immediate attention.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Based on the provided information, there is no mention of an available patch for this vulnerability.

Mitigation

1. Implement strict input validation for all config file deployments. 2. Apply the principle of least privilege, restricting local user permissions. 3. Monitor and audit all config file changes and deployments. 4. If possible, disable or restrict the ability to deploy config files for non-admin users. 5. Regularly update and patch the affected software as soon as a fix becomes available from the vendor (MBconnectline).

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-45271. See article

Oct 15, 2024 at 10:37 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 15, 2024 at 10:38 AM
CVE Assignment

NVD published the first details for CVE-2024-45271

Oct 15, 2024 at 11:15 AM
CVSS

A CVSS base score of 8.4 has been assigned.

Oct 15, 2024 at 11:20 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 15, 2024 at 3:30 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 22.5%)

Oct 16, 2024 at 9:57 AM
CVSS

A CVSS base score of 7.8 has been assigned.

Oct 21, 2024 at 7:25 PM / nvd
Static CVE Timeline Graph

Affected Systems

Mbconnectline/mbnet.mini_firmware
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

Germany’s CERT@VDE reports critical flaws in mbNET.mini and Helmholz industrial routers
Germany’s CERT@VDE is reporting several critical and high-severity vulnerabilities in industrial routers, affecting the mbNET.mini from MB Connect Line and Helmholz's REX100 . CVE-2024-45274 (CVSS score 9.8) - Allows unauthenticated remote attackers to execute arbitrary OS commands due to missing authentication.
Critical Vulnerabilities Found in mbNET.mini Industrial Routers Could Allow for Full System Takeover
Summary: A security advisory from CERT@VDE has disclosed multiple critical vulnerabilities in the mbNET.mini industrial router, which could allow remote code execution and unauthorized access to industrial systems. The router, produced by MB connect line, is essential for managing devices remotely, but these new vulnerabilities have exposed significant risks, allowing for remote code execution (RCE) and unauthorized access.
Security Bulletin 16 Oct 2024 - Cyber Security Agency of Singapore
https:// nvd . nist .gov/vuln/detail/ CVE -2024-9985. CVE -2024-47875, DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML ...
Critical Vulnerabilities Found in mbNET.mini Industrial Routers Could Allow for Full System Takeover
The router, produced by MB connect line, is essential for managing devices remotely, but these new vulnerabilities have exposed significant risks, allowing for remote code execution (RCE) and unauthorized access. CVE-2024-45276 (CVSS 7.5): Attackers can gain unauthorized read access to files stored in the “/tmp” directory, potentially leaking sensitive data.
Helmholz REX100 Industrial Routers Found Vulnerable to Critical Security Exploits [ics] [net]
Vulnerabilities in Helmholz REX100 industrial routers allow unauthorized access and remote code execution, with firmware version 2.3.1 released to address the issues.
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI