Lucene search

HpeVULNRICHMENT:CVE-2024-6206

HistoryJun 25, 2024 - 8:05 p.m.

CVE-2024-6206

2024-06-2520:05:26

hpe

github.com

hpe athonet

code injection

privilege escalation

takeover

container.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:hpe:hpe_athonet_mobile_care:1.23.4.2:*:*:*:*:*:*:*"
    ],
    "vendor": "hpe",
    "product": "hpe_athonet_mobile_care",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "1.23.4.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6206