CVE-2024-39570

2024-07-0912:15:16

CWE-77

[email protected]

web.nvd.nist.gov

vulnerability

sinema remote connect server

input sanitation

command injection

vxlan configurations

authenticated attacker

arbitrary code

root privileges

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.7%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges.

Affected configurations

Nvd

Node

siemenssinema_remote_connect_serverRange<3.2

siemenssinema_remote_connect_serverMatch3.2-

VendorProductVersionCPE
siemenssinema_remote_connect_server*cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
siemenssinema_remote_connect_server3.2cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sinema_remote_connect_server	*	cpe:2.3:a:siemens:sinema_remote_connect_server::::::::
siemens	sinema_remote_connect_server	3.2	cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-::::::