Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface.
History

Fri, 29 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Nec Corporation
Nec Corporation univerge 1x
Nec Corporation univerge 1x-r\/ix-v
CPEs cpe:2.3:a:nec_corporation:univerge_1x-r\/ix-v:*:*:*:*:*:*:*:*
cpe:2.3:a:nec_corporation:univerge_1x:*:*:*:*:*:*:*:*
Vendors & Products Nec Corporation
Nec Corporation univerge 1x
Nec Corporation univerge 1x-r\/ix-v
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Description Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface.
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: NEC

Published: 2024-11-29T08:03:07.458Z

Updated: 2024-11-29T13:40:11.027Z

Reserved: 2024-11-08T02:59:55.534Z

Link: CVE-2024-11013

cve-icon Vulnrichment

Updated: 2024-11-29T13:40:04.332Z

cve-icon NVD

Status : Received

Published: 2024-11-29T08:15:03.923

Modified: 2024-11-29T08:15:03.923

Link: CVE-2024-11013

cve-icon Redhat

No data.