Lucene search

CarrierCVE-2024-2422

HistoryMay 30, 2024 - 6:15 p.m.

CVE-2024-2422

2024-05-3018:15:09

CWE-88

Carrier

web.nvd.nist.gov

cve-2024-2422

lenels2

netbox

rce vulnerability

authenticated

versions

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetBox",
    "vendor": "LenelS2",
    "versions": [
      {
        "lessThanOrEqual": "5.6.1",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-151-01

www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-2422