Lucene search
HistoryFeb 02, 2024 - 2:15 a.m.
CVE-2024-22899
cve-2024-22899
authenticated remote code execution
syncntptime
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
53.0%
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
Affected configurations
Node
vinchinvinchin_backup_and_recoveryRange≤7.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vinchin | vinchin_backup_and_recovery | * | cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-22899
2024-02-02 02:15:18
cvelist
cvelist
CVE-2024-22899
2024-02-02 00:00:00
zdt
zdt
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection Vulnerability
2024-01-29 00:00:00
packetstorm
packetstorm
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
2024-01-26 00:00:00
prion
prion
Remote code execution
2024-02-02 02:15:00
githubexploit
githubexploit
Exploit for CVE-2024-22899
2023-11-06 09:24:15
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
53.0%
Related for NVD:CVE-2024-22899