Lucene search

[email protected]NVD:CVE-2024-6206

HistoryJun 25, 2024 - 8:15 p.m.

CVE-2024-6206

2024-06-2520:15:14

CWE-94

[email protected]

web.nvd.nist.gov

security

vulnerability

hpe athonet mobile core software

code injection

system takeover

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.1%

JSON

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-6206

vulnrichment1 cvelist1 cve1