CVE-2024-45274
Missing Authentication for Critical Function (CWE-306)
Summary
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
Impact
This vulnerability allows an attacker to execute operating system commands remotely without any authentication. The impact is severe, with high risks to confidentiality, integrity, and availability of the affected system. An attacker could potentially gain full control over the device, access sensitive information, modify system configurations, or disrupt services.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
Based on the provided information, there is no mention of an available patch.
Mitigation
While no specific mitigation is mentioned in the provided data, general recommendations would include: 1. Implement strong authentication mechanisms for all critical functions, especially those accessible via network protocols like UDP. 2. Apply network segmentation to limit access to affected devices. 3. Monitor for suspicious UDP traffic or unexpected command executions. 4. Keep systems and software up-to-date with the latest security patches when they become available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
Feedly found the first article mentioning CVE-2024-45274. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-45274
A CVSS base score of 9.8 has been assigned.
EPSS Score was set to: 0.09% (Percentile: 39.8%)