Lucene search

[email protected]CVE-2024-33844

HistoryMay 03, 2024 - 3:15 p.m.

CVE-2024-33844

2024-05-0315:15:08

[email protected]

web.nvd.nist.gov

parrot anafi

firmware vulnerability

connection cutoff

cve-2024-33844

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.3%

JSON

The ‘control’ in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.

Affected configurations

NVD

Node

parrotanafi_firmwareMatch1.10.4

CPENameOperatorVersion
parrot:anafi_firmwareparrot anafi firmwareeq1.10.4

CPE	Name	Operator	Version
parrot:anafi_firmware	parrot anafi firmware	eq	1.10.4

References

anafi.com

nvd-cwe-other.com

forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501

forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.3%

JSON

Related for CVE-2024-33844

cvelist1 nvd1