Action not permitted
Modal body text goes here.
Modal Title
Modal Body
fkie_cve-2024-31408
Vulnerability from fkie_nvd
Published
2024-11-22 02:15
Modified
2024-11-22 02:15
Severity ?
Summary
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.", }, { lang: "es", value: "Existe una vulnerabilidad de inyección de comandos del sistema operativo en AIPHONE IX SYSTEM y IXG SYSTEM. Un atacante autenticado adyacente a la red puede ejecutar un comando del sistema operativo arbitrario con privilegios de superusuario enviando una solicitud especialmente manipulada.", }, ], id: "CVE-2024-31408", lastModified: "2024-11-22T02:15:19.480", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "vultures@jpcert.or.jp", type: "Secondary", }, ], }, published: "2024-11-22T02:15:19.480", references: [ { source: "vultures@jpcert.or.jp", url: "https://jvn.jp/en/jp/JVN41397971/", }, { source: "vultures@jpcert.or.jp", url: "https://www.aiphone.net/important/20241016_1/", }, { source: "vultures@jpcert.or.jp", url: "https://www.aiphone.net/important/20241016_2/", }, { source: "vultures@jpcert.or.jp", url: "https://www.aiphone.net/support/software-documents/ix/", }, { source: "vultures@jpcert.or.jp", url: "https://www.aiphone.net/support/software-documents/ixg/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "vultures@jpcert.or.jp", type: "Primary", }, ], }
cve-2024-31408
Vulnerability from cvelistv5
Published
2024-11-22 00:10
Modified
2024-12-05 20:44
Severity ?
EPSS score ?
Summary
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | AIPHONE CO., LTD. | IX-MV |
Version: firmware Ver.7.10 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-31408", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-05T20:39:22.522031Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-05T20:44:27.398Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "IX-MV", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-HB", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-HBT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-HW", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-HWT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-HW-JP", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-B", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-BT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-W", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-MV7-WT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-DA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-DAU", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-DB", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-DBT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-EA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-EAT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-EAU", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-DV", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVF", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVF-P", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVF-L", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVM", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-DU", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVF-RA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-DVF-2RA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-BA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-BAU", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-BB", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-BBT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-FA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-SSA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-SS-2G", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-SS-2GT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-SS-2G-N", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-BU", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-SSA-RA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-SSA-2RA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.11 and earlier", }, ], }, { product: "IX-RS-B", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-RS-BT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-RS-W", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-RS-WT", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IXW-MA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IX-SPMIC", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.7.10 and earlier", }, ], }, { product: "IXG-2C7", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.01 and earlier", }, ], }, { product: "IXG-2C7-L", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.01 and earlier", }, ], }, { product: "IXG-DM7", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.00 and earlier", }, ], }, { product: "IXG-DM7-HID", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.00 and earlier", }, ], }, { product: "IXG-DM7-HIDA", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.00 and earlier", }, ], }, { product: "IXG-DM7-10K", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.00 and earlier", }, ], }, { product: "IXG-MK", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.00 and earlier", }, ], }, { product: "IXGW-GW", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.01 and earlier", }, ], }, { product: "IXGW-TGW", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.01 and earlier", }, ], }, { product: "IXGW-LC", vendor: "AIPHONE CO., LTD.", versions: [ { status: "affected", version: "firmware Ver.3.00 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.", }, ], metrics: [ { cvssV3_0: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Improper neutralization of special elements used in an OS command ('OS Command Injection')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T00:10:50.954Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.aiphone.net/important/20241016_1/", }, { url: "https://www.aiphone.net/important/20241016_2/", }, { url: "https://www.aiphone.net/support/software-documents/ix/", }, { url: "https://www.aiphone.net/support/software-documents/ixg/", }, { url: "https://jvn.jp/en/jp/JVN41397971/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2024-31408", datePublished: "2024-11-22T00:10:50.954Z", dateReserved: "2024-09-26T01:39:39.689Z", dateUpdated: "2024-12-05T20:44:27.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.