CWE-267
AllowedPrivilege Defined With Unsafe Actions
Abstraction: Base · Status: Incomplete
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
102 vulnerabilities reference this CWE, most recent first.
CVE-2025-41244 (GCVE-0-2025-41244)
Vulnerability from cvelistv5 – Published: 2025-09-29 16:09 – Updated: 2026-02-26 17:47| URL | Tags |
|---|---|
| http://support.broadcom.com/group/ecx/support-con… | |
| https://blog.nviso.eu/2025/09/29/you-name-it-vmwa… | exploittechnical-description |
| https://support.broadcom.com/web/ecx/support-cont… | vendor-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| https://lists.debian.org/debian-lts-announce/2025… | |
| http://www.openwall.com/lists/oss-security/2025/0… |
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | VCF operations |
Affected:
9.0.x , < 9.0.1.0
(commercial)
|
|
| VMware | VMware tools |
Affected:
13.x.x.x , < 13.0.5.0
(commercial)
Affected: 12.5.x , < 12.5.4 (commercial) |
|
| VMware | VMware Aria Operations |
Affected:
8.18.x , < 8.18.5
(commercial)
|
|
| VMware | VMware Cloud Foundation |
Affected:
5.x , < 8.18.5
(commercial)
Affected: 4.x , < 8.18.5 (commercial) |
|
| VMware | VMware Telco Cloud Platform |
Affected:
5.x , < 8.18.5
(commercial)
Affected: 4.x , < 8.18.5 (commercial) |
|
| VMware | VMware Telco Cloud Infrastructure |
Affected:
3.x , < 8.18.5
(commercial)
Affected: 2.x , < 8.18.5 (commercial) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41244",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T03:56:00.543163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:52.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00.000Z",
"value": "CVE-2025-41244 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VCF operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "9.0.1.0",
"status": "affected",
"version": "9.0.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware tools",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.0.5.0",
"status": "affected",
"version": "13.x.x.x",
"versionType": "commercial"
},
{
"lessThan": "12.5.4",
"status": "affected",
"version": "12.5.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "8.18.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "3.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "2.x",
"versionType": "commercial"
}
]
}
],
"datePublic": "2025-09-29T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious local actor with non-administrative privileges having access to a VM with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Tools\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T16:16:24.967Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41244",
"datePublished": "2025-09-29T16:09:51.871Z",
"dateReserved": "2025-04-16T09:30:17.799Z",
"dateUpdated": "2026-02-26T17:47:52.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26467 (GCVE-0-2025-26467)
Vulnerability from cvelistv5 – Published: 2025-08-25 14:06 – Updated: 2026-02-26 17:48- CWE-267 - Privilege Defined With Unsafe Actions
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/xxj36rr4d6mzyqpld… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Affected:
4.0.16
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T03:55:26.538246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:12.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "4.0.16",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Pond of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Ali Mirheidari of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Terry Thibault of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Will Brattain of Apple Services Engineering Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\u003c/span\u003e\n\n\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003eThis issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eUsers in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\n\n\nThis issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected.\n\nUsers in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T14:06:28.761Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/xxj36rr4d6mzyqpld05dn8b9951hfpz7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-26467",
"datePublished": "2025-08-25T14:06:28.761Z",
"dateReserved": "2025-02-10T23:19:36.665Z",
"dateUpdated": "2026-02-26T17:48:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23015 (GCVE-0-2025-23015)
Vulnerability from cvelistv5 – Published: 2025-02-04 09:37 – Updated: 2025-02-15 00:10- CWE-267 - Privilege Defined With Unsafe Actions
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Affected:
3.0.0 , ≤ 3.0.30
(semver)
Affected: 3.1.0 , ≤ 3.11.17 (semver) Affected: 4.0.0 , ≤ 4.0.15 (semver) Affected: 4.1.0 , ≤ 4.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.2 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-15T00:10:34.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/03/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/11/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250214-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-23015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T18:28:23.512076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T18:28:55.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.0.30",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.11.17",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.15",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.7",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Pond of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Ali Mirheidari of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Terry Thibault of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Will Brattain of Apple Services Engineering Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.\u003cbr\u003e"
}
],
"value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T09:37:18.580Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-23015",
"datePublished": "2025-02-04T09:37:18.580Z",
"dateReserved": "2025-01-10T03:33:46.731Z",
"dateUpdated": "2025-02-15T00:10:34.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-14349 (GCVE-0-2025-14349)
Vulnerability from cvelistv5 – Published: 2026-02-13 13:09 – Updated: 2026-06-04 06:21| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0065 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Universal Software Inc. | FlexCity/Kiosk |
Affected:
1.0 , < 1.0.36
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T17:00:51.316203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T17:01:01.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FlexCity/Kiosk",
"vendor": "Universal Software Inc.",
"versions": [
{
"lessThan": "1.0.36",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u0130brahim Y\u0130\u011e\u0130TSOY"
}
],
"datePublic": "2026-02-13T11:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.\u003cp\u003eThis issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.\u003c/p\u003e"
}
],
"value": "Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.\n\nThis issue affects FlexCity/Kiosk: from 1.0 before 1.0.36."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T06:21:43.095Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0065"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0065"
}
],
"source": {
"advisory": "TR-26-0065",
"defect": [
"TR-26-0065"
],
"discovery": "UNKNOWN"
},
"title": "Business Logic Error in Universal Software\u0027s FlexCity/Kiosk",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-14349",
"datePublished": "2026-02-13T13:09:43.901Z",
"dateReserved": "2025-12-09T15:35:48.265Z",
"dateUpdated": "2026-06-04T06:21:43.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13979 (GCVE-0-2025-13979)
Vulnerability from cvelistv5 – Published: 2026-01-28 20:00 – Updated: 2026-01-29 17:10- CWE-267 - Privilege Defined With Unsafe Actions
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T17:10:00.857726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T17:10:16.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/minisite",
"defaultStatus": "unaffected",
"product": "Mini site",
"repo": "https://git.drupalcode.org/project/minisite",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.0.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Rudloff (prudloff)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "cb_govcms"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Pierre Rudloff (prudloff)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jess (xjm)"
}
],
"datePublic": "2025-12-03T18:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.\u003cp\u003eThis issue affects Mini site: from 0.0.0 before 3.0.2.\u003c/p\u003e"
}
],
"value": "Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T20:00:38.256Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-117"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-13979",
"datePublished": "2026-01-28T20:00:38.256Z",
"dateReserved": "2025-12-03T17:04:18.274Z",
"dateUpdated": "2026-01-29T17:10:16.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7691 (GCVE-0-2025-7691)
Vulnerability from cvelistv5 – Published: 2025-09-26 09:05 – Updated: 2026-02-26 17:47- CWE-267 - Privilege Defined With Unsafe Actions
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/555786 | issue-trackingpermissions-required |
| https://hackerone.com/reports/3200469 | technical-descriptionexploitpermissions-required |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:25.765550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:53.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.2.7",
"status": "affected",
"version": "16.6",
"versionType": "semver"
},
{
"lessThan": "18.3.3",
"status": "affected",
"version": "18.3",
"versionType": "semver"
},
{
"lessThan": "18.4.1",
"status": "affected",
"version": "18.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [rogerace](https://hackerone.com/rogerace) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267: Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T09:05:06.532Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #555786",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/555786"
},
{
"name": "HackerOne Bug Bounty Report #3200469",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3200469"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 18.2.7, 18.3.3 or 18.4.1"
}
],
"title": "Privilege Defined With Unsafe Actions in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-7691",
"datePublished": "2025-09-26T09:05:06.532Z",
"dateReserved": "2025-07-15T19:30:32.045Z",
"dateUpdated": "2026-02-26T17:47:53.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7030 (GCVE-0-2025-7030)
Vulnerability from cvelistv5 – Published: 2025-07-08 20:54 – Updated: 2025-07-09 14:23- CWE-267 - Privilege Defined With Unsafe Actions
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Two-factor Authentication (TFA) |
Affected:
0.0.0 , < 1.11.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-7030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T14:23:06.946669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T14:23:22.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/tfa",
"defaultStatus": "unaffected",
"product": "Two-factor Authentication (TFA)",
"repo": "https://git.drupalcode.org/project/tfa",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Conrad Lara (cmlara)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Conrad Lara (cmlara)"
},
{
"lang": "en",
"type": "coordinator",
"value": "cilefen (cilefen)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Dan Smith (galooph)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jess (xjm)"
}
],
"datePublic": "2025-07-02T17:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.\u003c/p\u003e"
}
],
"value": "Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T20:54:13.917Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-085"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-7030",
"datePublished": "2025-07-08T20:54:13.917Z",
"dateReserved": "2025-07-02T16:07:06.376Z",
"dateUpdated": "2025-07-09T14:23:22.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2903 (GCVE-0-2025-2903)
Vulnerability from cvelistv5 – Published: 2025-04-17 06:50 – Updated: 2025-04-17 17:44{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:32:23.705012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:44:16.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Continuous Data, Continuous Compliance",
"product": "Delphix",
"vendor": "Perforce",
"versions": [
{
"lessThanOrEqual": "2025.2.0.0",
"status": "affected",
"version": "14.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T06:50:11.131Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001Sed3YAC"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Chaining in Delphix",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-2903",
"datePublished": "2025-04-17T06:50:11.131Z",
"dateReserved": "2025-03-28T06:40:28.966Z",
"dateUpdated": "2025-04-17T17:44:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47906 (GCVE-0-2024-47906)
Vulnerability from cvelistv5 – Published: 2024-11-12 15:59 – Updated: 2024-11-22 16:31| Vendor | Product | Version | |
|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.4R2 , ≤ 22.7R2.2
(custom)
Unaffected: 22.7R2.3 (custom) |
|
| Ivanti | Policy Secure |
Unaffected:
22.7R1.2
(custom)
|
|
| ivanti | connect_secure |
Affected:
22.4r2 , ≤ 22.7r2.2
(custom)
Affected: 22.7r2.3 cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:* |
|
| ivanti | policy_secure |
Affected:
22.7r1.2
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"lessThanOrEqual": "22.7r2.2",
"status": "affected",
"version": "22.4r2",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.7r2.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.7r1.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:05:21.868816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T17:09:52.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "22.7R2.2",
"status": "affected",
"version": "22.4R2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.7R2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R1.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges."
}
],
"value": "Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267: Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T16:31:00.963Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-47906",
"datePublished": "2024-11-12T15:59:53.269Z",
"dateReserved": "2024-10-04T19:25:07.889Z",
"dateUpdated": "2024-11-22T16:31:00.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42365 (GCVE-0-2024-42365)
Vulnerability from cvelistv5 – Published: 2024-08-08 16:29 – Updated: 2025-11-03 22:04| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/commit/42a2f… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/7a009… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/b4063… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/bbe68… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/faddd… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/blob/14367ca… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/blob/7d28165… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… |
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | asterisk |
Affected:
< 18.24.2
Affected: >= 19.0.0, < 20.9.2 Affected: >= 21.0.0, < 21.4.2 Affected: < 18.9-cert11 Affected: >= 19.0, < 20.7-cert2 |
|
| asterisk | certified_asterisk |
Affected:
0 , < 18.9-cert11
(custom)
Affected: 19.0 , < 20.7-cert2 (custom) cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:* |
|
| asterisk | asterisk |
Affected:
0 , < 18.24.2
(custom)
Affected: 19.0.0 , < 20.9.2 (custom) Affected: 21.0.0 , < 21.4.2 (custom) cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "certified_asterisk",
"vendor": "asterisk",
"versions": [
{
"lessThan": "18.9-cert11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "20.7-cert2",
"status": "affected",
"version": "19.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"lessThan": "18.24.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "20.9.2",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
},
{
"lessThan": "21.4.2",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42365",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T16:38:45.608389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:49:00.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:04:48.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.24.2"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 20.9.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.4.2"
},
{
"status": "affected",
"version": "\u003c 18.9-cert11"
},
{
"status": "affected",
"version": "\u003e= 19.0, \u003c 20.7-cert2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267: Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T16:29:07.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44"
},
{
"name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"
},
{
"name": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"
},
{
"name": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71"
},
{
"name": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993"
},
{
"name": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2"
},
{
"name": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426"
},
{
"name": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426"
}
],
"source": {
"advisory": "GHSA-c4cg-9275-6w44",
"discovery": "UNKNOWN"
},
"title": "Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-42365",
"datePublished": "2024-08-08T16:29:07.436Z",
"dateReserved": "2024-07-30T14:01:33.923Z",
"dateUpdated": "2025-11-03T22:04:48.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.
CAPEC-634: Probe Audio and Video Peripherals
The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.
CAPEC-637: Collect Data from Clipboard
The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.
CAPEC-643: Identify Shared Files/Directories on System
An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.
CAPEC-648: Collect Data from Screen Capture
An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.