Lucene search

[email protected]NVD:CVE-2024-40895

HistoryJul 30, 2024 - 9:15 a.m.

CVE-2024-40895

2024-07-3009:15:03

CWE-78

[email protected]

web.nvd.nist.gov

ffri amc

remote code execution

vulnerability

command execution

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

EPSS

0.001

Percentile

16.3%

JSON

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.

References

jvn.jp/en/jp/JVN26734798/

www.ffri.jp/assets/files/other_docs/20240729.pdf

www.skyseaclientview.net/news/240729_01/

www.support.nec.co.jp/View.aspx?id=3140109694

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

EPSS

0.001

Percentile

16.3%

JSON

Related for NVD:CVE-2024-40895

vulnrichment1 jvn1 cve1 cvelist1