CVE-2024-5421
Authenticated Command Injection
Severity Score
8.7
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.
Falta la validación de entrada y la integración de comandos del sistema operativo de la entrada en utnserver Pro, utnserver ProMAX, la interfaz web INU-100 permite la inyección de comandos autenticados. Este problema afecta a utnserver Pro, utnserver ProMAX, INU-100 versión 20.1.22 y versiones anteriores.
SEH utnserver Pro/ProMAX and INU-100 version 20.1.22 suffers from cross site scripting, denial of service, and file disclosure vulnerabilities.
*Credits:
T. Weber
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-27 CVE Reserved
- 2024-06-04 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
- CAPEC-88: OS Command Injection
References (2)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2024/Jun/4 |
|
|
| https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SEH Computertechnik Search vendor "SEH Computertechnik" | Utnserver Pro Search vendor "SEH Computertechnik" for product "Utnserver Pro" | <= 20.1.22 Search vendor "SEH Computertechnik" for product "Utnserver Pro" and version " <= 20.1.22" | en |
Affected
| ||||||
| SEH Computertechnik Search vendor "SEH Computertechnik" | Utnserver ProMAX Search vendor "SEH Computertechnik" for product "Utnserver ProMAX" | <= 20.1.22 Search vendor "SEH Computertechnik" for product "Utnserver ProMAX" and version " <= 20.1.22" | en |
Affected
| ||||||
| SEH Computertechnik Search vendor "SEH Computertechnik" | INU-100 Search vendor "SEH Computertechnik" for product "INU-100" | <= 20.1.22 Search vendor "SEH Computertechnik" for product "INU-100" and version " <= 20.1.22" | en |
Affected
| ||||||