Lucene search

HpeCVELIST:CVE-2024-6206

HistoryJun 25, 2024 - 8:05 p.m.

CVE-2024-6206

2024-06-2520:05:26

hpe

www.cve.org

security vulnerability

hpe athonet mobile core

code injection

arbitrary commands

privilege escalation

complete takeover

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "HPE Athonet Mobile Core",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=1.23.4.2",
        "status": "affected",
        "version": "Athonet Core 1.23.4.2 and below",
        "versionType": "semver"
      }
    ]
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-6206