Lucene search

INCIBECVELIST:CVE-2024-2599

HistoryMar 18, 2024 - 2:04 p.m.

CVE-2024-2599 Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++

2024-03-1814:04:15

CWE-434

INCIBE

www.cve.org

amss

vulnerability

file upload

rce

webshell

infrastructure

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

Percentile

9.0%

JSON

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AMSS++",
    "vendor": "Amssplus",
    "versions": [
      {
        "status": "affected",
        "version": "4.31"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-2599