Lucene search

CarrierVULNRICHMENT:CVE-2024-2422

HistoryMay 30, 2024 - 5:26 p.m.

CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters

2024-05-3017:26:12

CWE-88

Carrier

github.com

lenels2

netbox

rce

vulnerability

versions 5.6.1

authenticated

execute

commands

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetBox",
    "vendor": "LenelS2",
    "versions": [
      {
        "lessThanOrEqual": "5.6.1",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-151-01

www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-2422