Veracode Vulnerability DatabaseVERACODE:44270Remote Code Execution (RCE)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.8%
vantage6_node is vulnerable to Remote Code Execution (RCE). The system fails to validate the execution of a child task if it has a specified parent task ID which could be exploited by an attacker who gains unauthorized access to the system. By setting a fake parent task ID for a malicious task, the attacker is able to bypass the usual security checks and execute the task without restriction. The parent task ID effectively circumvents the validation process, allowing the execution of non-whitelisted algorithms.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vantage6-node | le | 4.1.1 | |
| vantage6-node | le | 4.1.1 |
References
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.8%