CVE-2024-43649
Vulnerability from cvelistv5
Published
2025-01-09 07:56
Modified
2025-03-11 13:07
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/S:P/AU:Y
Summary
Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to "pivot" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y).
References
csirt@divd.nlhttps://csirt.divd.nl/CVE-2024-43649/
csirt@divd.nlhttps://csirt.divd.nl/DIVD-2024-00035/
csirt@divd.nlhttps://iocharger.com
Impacted products
Vendor Product Version
Iocharger Iocharger firmware for AC models Version: 0   < 24120701
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-43649",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-09T14:35:10.473442Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-09T14:36:23.194Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Iocharger firmware for AC models",
               vendor: "Iocharger",
               versions: [
                  {
                     lessThan: "24120701",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Wilco van Beijnum",
            },
            {
               lang: "en",
               type: "analyst",
               value: "Harm van den Brink (DIVD)",
            },
            {
               lang: "en",
               type: "analyst",
               value: "Frank Breedijk (DIVD)",
            },
         ],
         datePublic: "2025-01-09T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Authenticated command injection in the filename of a &lt;redacted&gt;.exe request leads to remote code execution as the root user.<br><br>This issue affects Iocharger firmware for AC models before version 24120701.<br><br>Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all &lt;redacted&gt; fields. The attacker will also need a (low privilege) account to gain access to the &lt;redacted&gt; binary, or convince a user with such access to execute a payload.<br><br>Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.<br><br>CVSS clarification:&nbsp;This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \"pivot\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y).",
                  },
               ],
               value: "Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user.\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload.\n\nImpact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification: This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \"pivot\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y).",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-88",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-88 OS Command Injection",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "YES",
                  Recovery: "NOT_DEFINED",
                  Safety: "PRESENT",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "LOW",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "HIGH",
                  subConfidentialityImpact: "LOW",
                  subIntegrityImpact: "LOW",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/S:P/AU:Y",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-250",
                     description: "CWE-250: Execution with Unnecessary Privileges",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     description: "OWASP-A03: Injection",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-11T13:07:05.672Z",
            orgId: "b87402ff-ae37-4194-9dae-31abdbd6f217",
            shortName: "DIVD",
         },
         references: [
            {
               tags: [
                  "third-party-advisory",
               ],
               url: "https://csirt.divd.nl/DIVD-2024-00035/",
            },
            {
               tags: [
                  "third-party-advisory",
               ],
               url: "https://csirt.divd.nl/CVE-2024-43649/",
            },
            {
               tags: [
                  "product",
               ],
               url: "https://iocharger.com",
            },
         ],
         source: {
            advisory: "DIVD-2024-00035",
            discovery: "EXTERNAL",
         },
         title: "Authenticated command injection via <redacted>.exe <redacted> parameter",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b87402ff-ae37-4194-9dae-31abdbd6f217",
      assignerShortName: "DIVD",
      cveId: "CVE-2024-43649",
      datePublished: "2025-01-09T07:56:46.982Z",
      dateReserved: "2024-08-14T09:27:41.767Z",
      dateUpdated: "2025-03-11T13:07:05.672Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-43649\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2025-01-09T08:15:27.233\",\"lastModified\":\"2025-01-09T15:15:16.173\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user.\\n\\nThis issue affects Iocharger firmware for AC models before version 24120701.\\n\\nLikelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload.\\n\\nImpact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\\n\\nCVSS clarification: This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \\\"pivot\\\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y).\"},{\"lang\":\"es\",\"value\":\"La inyección de comandos autenticados en el nombre de archivo de una solicitud .exe conduce a la ejecución remota de código como usuario superusuario. Este problema afecta al firmware de Iocharger para modelos AC anteriores a la versión 24120701. Probabilidad: moderada: esta acción no es un lugar común para que se produzcan vulnerabilidades de inyección de comandos. Por lo tanto, es probable que un atacante solo pueda encontrar esta vulnerabilidad mediante ingeniería inversa del firmware o probándola en todos los campos . El atacante también necesitará una cuenta (con privilegios bajos) para obtener acceso al binario  o convencer a un usuario con dicho acceso para que ejecute un payload. Impacto: crítico: el atacante tiene control total sobre la estación de carga como usuario raíz y puede agregar, modificar y eliminar archivos y servicios de forma arbitraria. Aclaración de CVSS: este ataque se puede realizar a través de cualquier conexión de red que brinde servicio a la interfaz web (AV:N) y no hay medidas de mitigación adicionales que deban eludirse (AC:L) u otros requisitos previos (AT:N). El ataque requiere privilegios, pero el nivel no importa (PR:L), no se requiere interacción del usuario (UI:N). El ataque lleva a un cargador totalmente comprometido (VC:H/VI:H/VA:H) y un cargador comprometido puede usarse para \\\"pivotar\\\" hacia redes que normalmente no deberían ser accesibles (SC:L/SI:L/SA:H). Debido a que se trata de cargadores de vehículos eléctricos con una potencia significativa, existe un posible impacto en la seguridad (S:P). Este ataque puede automatizarse (AU:Y).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"LOW\",\"subsequentSystemIntegrity\":\"LOW\",\"subsequentSystemAvailability\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"PRESENT\",\"automatable\":\"YES\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://csirt.divd.nl/CVE-2024-43649/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/DIVD-2024-00035/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://iocharger.com\",\"source\":\"csirt@divd.nl\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43649\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-09T14:35:10.473442Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-09T14:36:16.749Z\"}}], \"cna\": {\"title\": \"Authenticated command injection via <redacted>.exe <redacted> parameter\", \"source\": {\"advisory\": \"DIVD-2024-00035\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wilco van Beijnum\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Harm van den Brink (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Frank Breedijk (DIVD)\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/S:P/AU:Y\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Iocharger\", \"product\": \"Iocharger firmware for AC models\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"24120701\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-01-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://csirt.divd.nl/DIVD-2024-00035/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://csirt.divd.nl/CVE-2024-43649/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://iocharger.com\", \"tags\": [\"product\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user.\\n\\nThis issue affects Iocharger firmware for AC models before version 24120701.\\n\\nLikelihood: Moderate \\u2013 This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload.\\n\\nImpact: Critical \\u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\\n\\nCVSS clarification:\\u00a0This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \\\"pivot\\\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Authenticated command injection in the filename of a &lt;redacted&gt;.exe request leads to remote code execution as the root user.<br><br>This issue affects Iocharger firmware for AC models before version 24120701.<br><br>Likelihood: Moderate \\u2013 This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all &lt;redacted&gt; fields. The attacker will also need a (low privilege) account to gain access to the &lt;redacted&gt; binary, or convince a user with such access to execute a payload.<br><br>Impact: Critical \\u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.<br><br>CVSS clarification:&nbsp;This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \\\"pivot\\\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y).\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-250\", \"description\": \"CWE-250: Execution with Unnecessary Privileges\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"description\": \"OWASP-A03: Injection\"}]}], \"providerMetadata\": {\"orgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"shortName\": \"DIVD\", \"dateUpdated\": \"2025-03-11T13:07:05.672Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-43649\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T13:07:05.672Z\", \"dateReserved\": \"2024-08-14T09:27:41.767Z\", \"assignerOrgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"datePublished\": \"2025-01-09T07:56:46.982Z\", \"assignerShortName\": \"DIVD\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.