History: Mar 21, 2024 - 6:00 a.m.

CVE-2024-2162 Authenticated Remote Code Execution in Kiloview NDI N series products

2024-03-21 06:00:35
CWE-78
NCSC.ch
www.cve.org

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 15.7%

An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.

This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "NDI",
    "vendor": "Kiloview",
    "versions": [
      {
        "status": "unaffected",
        "version": "N3 Firmware 2.02.0227"
      },
      {
        "status": "unaffected",
        "version": "N3-s Firmware 2.02.0227"
      },
      {
        "status": "unaffected",
        "version": "N4 Firmware 2.02.0227"
      },
      {
        "status": "unaffected",
        "version": "N20 Firmware 2.02.0227"
      },
      {
        "status": "unaffected",
        "version": "N30 Firmware 2.02.0227"
      },
      {
        "status": "unaffected",
        "version": "N40 Firmware 2.02.0227"
      }
    ]
  }
]
