vulnrichment | VulnCheck | VULNRICHMENT:CVE-2024-0840
History: Apr 29, 2024 - 6:42 p.m.

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

2024-04-29 18:42:57
CWE-141
VulnCheck
github.com
grandstream ucm series
ip pbx
http
parameter injection
cve-2024-0840
vulnerability
firmware
remote
authenticated
attack
arbitrary code
crafted request
default credentials
ucm6202
ucm6204
ucm6208
ucm6510

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "UCM Series",
    "vendor": "Grandstream",
    "versions": [
      {
        "lessThan": "<1.0.20.52",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
