Lucene search

[email protected]NVD:CVE-2024-41308

HistoryAug 07, 2024 - 4:15 p.m.

CVE-2024-41308

2024-08-0716:15:45

CWE-284

[email protected]

web.nvd.nist.gov

ping feature

enjay crm

root privileges

security issue

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Affected configurations

Nvd

Node

enjayworldenjay_crmMatch1.0

VendorProductVersionCPE
enjayworldenjay_crm1.0cpe:2.3:a:enjayworld:enjay_crm:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enjayworld	enjay_crm	1.0	cpe:2.3:a:enjayworld:enjay_crm:1.0:::::::*

References

the-it-wonders.blogspot.com/2024/07/enjay-crm-10-multiple-code-executions.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2024-41308

cvelist1 cve1 vulnrichment1