Lucene search

K
cvelistGitHub_MCVELIST:CVE-2024-28114
HistoryMar 12, 2024 - 7:58 p.m.

CVE-2024-28114 Remote Code Execution using Server Side Template Injection in Peering Manager

2024-03-1219:58:39
CWE-74
GitHub_M
www.cve.org
cve-2024-28114
rce
peering manager
server side template injection
version 1.8.2
operating system

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

15.5%

Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "peering-manager",
    "product": "peering-manager",
    "versions": [
      {
        "version": "< 1.8.3",
        "status": "affected"
      }
    ]
  }
]

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

15.5%

Related for CVELIST:CVE-2024-28114