CVE-2024-31843

{"id": "CVE-2024-31843", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.7}]}, "published": "2024-05-23T19:16:01.210", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Italtel Embrace 1.6.4. La aplicaci\u00f3n web no verifica adecuadamente los par\u00e1metros enviados como entrada antes de procesarlos en el lado del servidor. Esto permite a los usuarios autenticados ejecutar comandos en el sistema operativo."}], "lastModified": "2025-05-21T18:18:40.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3469B5CE-AB48-497A-94DF-820F97DB88B3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}