Lucene search

MitreVULNRICHMENT:CVE-2024-33109

HistorySep 19, 2024 - 12:00 a.m.

CVE-2024-33109

2024-09-1900:00:00

mitre

github.com

cve-2024-33109

directory traversal

file overwrite

tiptel ip 286

firmware 2.61.13.10

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.9%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:ergophone:tiptel_ip_286_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ergophone",
    "product": "tiptel_ip_286_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.61.13.10"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

tiptel.com

www.bdosecurity.de/en-gb/advisories/cve-2024-33109

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.9%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-33109