Lucene search

K
cve[email protected]CVE-2024-28114
HistoryMar 12, 2024 - 8:15 p.m.

CVE-2024-28114

2024-03-1220:15:08
CWE-74
web.nvd.nist.gov
33
cve-2024-28114
peering manager
bgp
rce
server side template injection
cve
nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

15.5%

Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Vulners
Node
peering-managerpeering_managerRange<1.8.3

CNA Affected

[
  {
    "vendor": "peering-manager",
    "product": "peering-manager",
    "versions": [
      {
        "version": "< 1.8.3",
        "status": "affected"
      }
    ]
  }
]

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

15.5%

Related for CVE-2024-28114