CVE-2024-32632 - Vulnerability Details - OpenCVE

ReportizFlow

A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.asrmicro.com/en/goods/psirt?cid=38

History

No history.

MITRE

Status: PUBLISHED

Assigner: ASR

Published: 2024-04-16T08:51:39.886Z

Updated: 2024-08-02T02:13:40.096Z

Reserved: 2024-04-16T07:47:46.565Z

Link: CVE-2024-32632

Vulnrichment

Updated: 2024-05-13T19:03:48.539Z

NVD

Status : Awaiting Analysis

Published: 2024-04-16T09:15:08.080

Modified: 2024-11-21T09:15:21.827

Link: CVE-2024-32632

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32632", "assignerOrgId": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "state": "PUBLISHED", "assignerShortName": "ASR", "dateReserved": "2024-04-16T07:47:46.565Z", "datePublished": "2024-04-16T08:51:39.886Z", "dateUpdated": "2024-08-02T02:13:40.096Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "RTOS"], "product": "Falcon/Crane", "vendor": "ASR", "versions": [{"lessThan": "CP01.057.067", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access"}], "value": "A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-686", "description": "CWE-686 Function Call with Incorrect Argument Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "shortName": "ASR", "dateUpdated": "2024-04-16T08:51:39.886Z"}, "references": [{"url": "https://www.asrmicro.com/en/goods/psirt?cid=38"}], "source": {"discovery": "UNKNOWN"}, "title": "Printf arg type mismatch in ATCMD", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T19:03:18.623281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:17.670Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:40.096Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.asrmicro.com/en/goods/psirt?cid=38", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32632", "assignerOrgId": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "state": "PUBLISHED", "assignerShortName": "ASR", "dateReserved": "2024-04-16T07:47:46.565Z", "datePublished": "2024-04-16T08:51:39.886Z", "dateUpdated": "2024-06-04T17:52:17.670Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "RTOS"], "product": "Falcon/Crane", "vendor": "ASR", "versions": [{"lessThan": "CP01.057.067", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access"}], "value": "A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-686", "description": "CWE-686 Function Call with Incorrect Argument Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "shortName": "ASR", "dateUpdated": "2024-04-16T08:51:39.886Z"}, "references": [{"url": "https://www.asrmicro.com/en/goods/psirt?cid=38"}], "source": {"discovery": "UNKNOWN"}, "title": "Printf arg type mismatch in ATCMD", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T19:03:18.623281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T19:03:48.539Z"}, "title": "CISA ADP Vulnrichment"}]}}