Detections
Analytics

CVE-2024-9166

critical

Description

The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03

Details

Source: Mitre, NVD

Published: 2024-09-26

Updated: 2024-09-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical