4 results (0.006 seconds)

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. En las versiones 3.1.1.2 y anteriores de 2N Access Commander, un atacante local puede escalar sus privilegios en el sistema, lo que podría permitir la ejecución de código arbitrario con permisos de root. • https://www.2n.com/en-GB/about-2n/cybersecurity https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system. En las versiones 3.1.1.2 y anteriores de 2N Access Commander, una vulnerabilidad de verificación insuficiente de la autenticidad de los datos podría permitir que un atacante aumente sus privilegios y obtenga acceso de root al sistema. • https://www.2n.com/en-GB/about-2n/cybersecurity https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles. En las versiones 3.1.1.2 y anteriores de 2N Access Commander, una vulnerabilidad de path traversal podría permitir a un atacante escribir archivos en el sistema de archivos para lograr la ejecución remota de código arbitrario. • https://www.2n.com/en-GB/about-2n/cybersecurity https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. En los dispositivos 2N Access Unit versión 2.0 2.31.0.40.5, un atacante puede hacerse pasar por el relé web para un ataque de tipo man-in-the-middle. • https://excellium-services.com/cert-xlm-advisory/cve-2021-31399 https://www.2n.cz/en_GB/products/ip-access-control/2n-access-unit-2 • CWE-295: Improper Certificate Validation •