216.73.216.36

CVE-2024-47902

· Published 23/10/2024 15:15 · Modified 30/10/2024 15:48

Labels: CVE-2024-47902 2024-10-23CVE-2024-47902CWE-306[email protected]

Essential information

Published
23/10/2024 15:15
Modified
30/10/2024 15:48
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / intermesh 7177 hybrid 2.0 subscriber cpe:2.3:o:siemens:intermesh_7177_hybrid_2.0_subscriber:*:*:*:*:*:*:*:*
siemens / intermesh 7177 hybrid 2.0 subscriber cpe:2.3:h:siemens:intermesh_7177_hybrid_2.0_subscriber:-:*:*:*:*:*:*:*
siemens / intermesh 7707 fire subscriber firmware cpe:2.3:o:siemens:intermesh_7707_fire_subscriber_firmware:*:*:*:*:*:*:*:*
siemens / intermesh 7707 fire subscriber cpe:2.3:h:siemens:intermesh_7707_fire_subscriber:-:*:*:*:*:*:*:*

References