216.73.216.86

CVE-2024-47904

· Published 23/10/2024 15:15 · Modified 30/10/2024 15:39

Labels: CVE-2024-47904 2024-10-23CVE-2024-47904CWE-266NVD-CWE-noinfo[email protected]

Essential information

Published
23/10/2024 15:15
Modified
30/10/2024 15:39
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / intermesh 7177 hybrid 2.0 subscriber cpe:2.3:o:siemens:intermesh_7177_hybrid_2.0_subscriber:*:*:*:*:*:*:*:*
siemens / intermesh 7177 hybrid 2.0 subscriber cpe:2.3:h:siemens:intermesh_7177_hybrid_2.0_subscriber:-:*:*:*:*:*:*:*
siemens / intermesh 7707 fire subscriber firmware cpe:2.3:o:siemens:intermesh_7707_fire_subscriber_firmware:*:*:*:*:*:*:*:*
siemens / intermesh 7707 fire subscriber cpe:2.3:h:siemens:intermesh_7707_fire_subscriber:-:*:*:*:*:*:*:*

References