// For flags

CVE-2024-0315

Remote file inclusion vulnerability in FireEye Central Management

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.

Vulnerabilidad de inclusión remota de archivos en FireEye Central Management que afecta a la versión 9.1.1.956704. Esta vulnerabilidad permite a un atacante cargar un archivo PDF malicioso en el sistema durante el proceso de creación del informe.

*Credits: Albert Sánchez Miñano
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-01-08 CVE Reserved
  • 2024-01-15 CVE Published
  • 2024-01-20 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fireeye
Search vendor "Fireeye"
 Central Management
Search vendor "Fireeye" for product "Central Management"
 9.1.1.956704
Search vendor "Fireeye" for product "Central Management" and version "9.1.1.956704"
-
Affected