CVE-2024-51115

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.

Impact

This vulnerability allows an attacker to execute arbitrary commands on the affected system. Given the CVSS score of 9.8 and the impact ratings of HIGH for confidentiality, integrity, and availability, this vulnerability can lead to a complete compromise of the system's confidentiality, integrity, and availability. An attacker could potentially gain full control over the affected device, steal sensitive information, modify or delete data, or disrupt system operations.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is no evidence of exploitation in the wild at the moment.

Patch

There is no information provided about an available patch for this vulnerability.

Mitigation

While no vendor-specific mitigation is provided, general recommendations for command injection vulnerabilities include:

1. Update to a patched version if one becomes available.
2. Implement input validation and sanitization so that untrusted input cannot introduce command separators or metacharacters.
3. Use parameterized interfaces (such as prepared statements) rather than string concatenation when passing input to the system.
4. Apply the principle of least privilege to limit the impact of a successful attack.
5. Implement network segmentation to restrict access to the affected systems.
6. Monitor for suspicious activity or unauthorized command execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment: NVD published the first details for CVE-2024-51115 (Nov 5, 2024 at 11:15 PM)

First Article: Feedly found the first article mentioning CVE-2024-51115 (Nov 5, 2024 at 11:22 PM / Vulners.com RSS Feed)

CVSS Estimate: Feedly estimated the CVSS score as HIGH (Nov 5, 2024 at 11:31 PM)

EPSS: EPSS score was set to 0.04% (Percentile: 10%) (Nov 6, 2024 at 10:26 AM)

CVSS: A CVSS base score of 9.8 has been assigned (Nov 6, 2024 at 5:40 PM / nvd)

Attack Patterns

CAPEC-136: LDAP Injection

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
