Lucene search

[email protected]NVD:CVE-2024-41309

HistoryAug 07, 2024 - 4:15 p.m.

CVE-2024-41309

2024-08-0716:15:46

CWE-284

[email protected]

web.nvd.nist.gov

vulnerability

it solutions enjay crm

hardware info

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.

Affected configurations

Nvd

Node

enjayworldenjay_crmMatch1.0

VendorProductVersionCPE
enjayworldenjay_crm1.0cpe:2.3:a:enjayworld:enjay_crm:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enjayworld	enjay_crm	1.0	cpe:2.3:a:enjayworld:enjay_crm:1.0:::::::*

References

the-it-wonders.blogspot.com/2024/07/enjay-crm-10-multiple-code-executions.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2024-41309

cvelist1 vulnrichment1 cve1