CVE-2024-2422
9.3 Critical
Published:
Last updated:
Source: productsecurity@carrier.com
Analyzed
Weakness (CWE)
CVSS Vector (v4.0)
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): High
- Confidentiality (Subsequent): None
- Integrity (Subsequent): None
- Availability (Subsequent): None
Description
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 (source: productsecurity@carrier.com)
- https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf (source: productsecurity@carrier.com)
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 (source: af854a3a-2127-422b-91ae-364da2661108)
- https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf (source: af854a3a-2127-422b-91ae-364da2661108)