Lucene search

CarrierCVELIST:CVE-2024-2422

HistoryMay 30, 2024 - 5:26 p.m.

CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters

2024-05-3017:26:12

CWE-88

Carrier

www.cve.org

cve-2024-2422

lenels2

netbox

rce

authenticated

command execution

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetBox",
    "vendor": "LenelS2",
    "versions": [
      {
        "lessThanOrEqual": "5.6.1",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-151-01

www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-2422