Description

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.

Related CPE's

Could not find any relations

References

https://eviden.com

https://support.bull.com/ols/product/security/psirt/security-bulletins/multiple-critical-vulnerabilities-in-icare-psirt-625-tlp-clear-version-0-7-cve-2024-42017/view

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-306

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-09-30T16:15:05.827Z

1 year ago

Last modified

2024-10-29T14:35:30.713Z

1 year ago