Lucene search

HpeCVE-2024-6206

HistoryJun 25, 2024 - 8:15 p.m.

CVE-2024-6206

2024-06-2520:15:14

CWE-94

hpe

web.nvd.nist.gov

security vulnerability

hpe athonet

code injection

privilege escalation

complete takeover

threat actor

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.1%

JSON

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "HPE Athonet Mobile Core",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=1.23.4.2",
        "status": "affected",
        "version": "Athonet Core 1.23.4.2 and below",
        "versionType": "semver"
      }
    ]
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-6206