Lucene search

MitreCVE-2024-41309

HistoryAug 07, 2024 - 4:15 p.m.

CVE-2024-41309

2024-08-0716:15:46

CWE-284

mitre

web.nvd.nist.gov

it solutions

enjay crm

hardware info

privilege escalation

security vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.5%

JSON

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Affected configurations

Nvd

Node

enjayworldenjay_crmMatch1.0

VendorProductVersionCPE
enjayworldenjay_crm1.0cpe:2.3:a:enjayworld:enjay_crm:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enjayworld	enjay_crm	1.0	cpe:2.3:a:enjayworld:enjay_crm:1.0:::::::*

References

the-it-wonders.blogspot.com/2024/07/enjay-crm-10-multiple-code-executions.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-41309