Lucene search

K
osvGoogleOSV:CVE-2024-28114
HistoryMar 12, 2024 - 8:15 p.m.

CVE-2024-28114

2024-03-1220:15:08
Google
osv.dev
7
peering manager
bgp session management
server side template injection
remote code execution
upgrade

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for OSV:CVE-2024-28114