CVE-2024-48659

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Oct 21, 2024 / Updated: 29d ago

010
CVSS 9.8EPSS 0.04%Critical
CVE info copied to clipboard

Summary

An issue in DCME-320-L versions 9.3.2.114 and earlier allows a remote attacker to execute arbitrary code via the log_u_umount.php component. This vulnerability is classified as a Command Injection (CWE-77) issue, which involves improper neutralization of special elements used in a command.

Impact

This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8 out of 10. The impact is severe across all three main security aspects: 1. Confidentiality: High impact, potentially allowing attackers to access sensitive information. 2. Integrity: High impact, enabling attackers to modify or manipulate data. 3. Availability: High impact, possibly leading to system disruption or denial of service. The vulnerability requires no user interaction and can be exploited remotely over the network without any privileges, making it easily exploitable. Given its nature as a command injection vulnerability, attackers could potentially execute arbitrary commands on the affected system, leading to full system compromise.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch for this vulnerability is not explicitly mentioned in the provided information. However, given that the vulnerability affects DCME-320-L versions 9.3.2.114 and earlier, it's likely that a patched version higher than 9.3.2.114 may be available or forthcoming. The security team should check with the vendor for the latest security updates.

Mitigation

1. Immediately identify and inventory all DCME-320-L devices in the network, focusing on versions 9.3.2.114 and earlier. 2. Prioritize patching these devices as soon as a fix is available from the vendor due to the critical nature of the vulnerability. 3. If immediate patching is not possible, consider implementing network segmentation to isolate affected devices. 4. Deploy web application firewalls (WAF) or intrusion prevention systems (IPS) with rules to detect and block command injection attempts. 5. Monitor logs of affected devices for any suspicious activities, especially those related to the log_u_umount.php component. 6. Implement strict input validation and sanitization on all user-controllable inputs, particularly those that interact with the affected component. 7. Apply the principle of least privilege to limit the potential impact of successful exploits. 8. Regularly scan for and address vulnerabilities in network-exposed devices and applications.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48659

Oct 21, 2024 at 8:15 PM
First Article

Feedly found the first article mentioning CVE-2024-48659. See article

Oct 21, 2024 at 8:24 PM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 22, 2024 at 10:47 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 22, 2024 at 6:40 PM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 22, 2024 at 6:48 PM
Static CVE Timeline Graph

Attack Patterns

CAPEC-136: LDAP Injection
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI