Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

CVE-2024-9002 (GCVE-0-2024-9002)

Vulnerability from cvelistv5 – Published: 2024-10-11 13:43 – Updated: 2024-10-11 14:03
VLAI
Summary
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Schneider Electric Easergy Studio Affected: Versions 9.3.1 and prior
Create a notification for this product.
schneider-electric easergy_studio Affected: 0 , ≤ 9.3.1 (custom)
    cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "easergy_studio",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "9.3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:00:52.423687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T14:03:06.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Easergy Studio",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 9.3.1 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized\naccess, loss of confidentiality, integrity, and availability of the workstation when non-admin\nauthenticated user tries to perform privilege escalation by tampering with the binaries"
            }
          ],
          "value": "CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized\naccess, loss of confidentiality, integrity, and availability of the workstation when non-admin\nauthenticated user tries to perform privilege escalation by tampering with the binaries"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T13:43:25.391Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-282-03.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-9002",
    "datePublished": "2024-10-11T13:43:25.391Z",
    "dateReserved": "2024-09-19T14:23:12.585Z",
    "dateUpdated": "2024-10-11T14:03:06.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8853 (GCVE-0-2024-8853)

Vulnerability from cvelistv5 – Published: 2024-09-20 07:33 – Updated: 2026-04-08 17:19
VLAI
Title
Webo-facto <= 1.40 - Unauthenticated Privilege Escalation
Summary
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
jeremieglotin Webo-facto Affected: 0 , ≤ 1.40 (semver)
Create a notification for this product.
medialibs webo-facto Affected: 0 , ≤ 1.40 (semver)
    cpe:2.3:a:medialibs:webo-facto:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:medialibs:webo-facto:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "webo-facto",
            "vendor": "medialibs",
            "versions": [
              {
                "lessThanOrEqual": "1.40",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-20T17:30:57.368567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-20T17:32:55.404Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Webo-facto",
          "vendor": "jeremieglotin",
          "versions": [
            {
              "lessThanOrEqual": "1.40",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the \u0027doSsoAuthentification\u0027 function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains \u0027-wfuser\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:19:49.392Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/webo-facto-connector/tags/1.40/WeboFacto/Sso.php#L78"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3153062/webo-facto-connector"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-13T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-09-13T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-09-17T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Webo-facto \u003c= 1.40 - Unauthenticated Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-8853",
    "datePublished": "2024-09-20T07:33:35.851Z",
    "dateReserved": "2024-09-13T18:40:57.970Z",
    "dateUpdated": "2026-04-08T17:19:49.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8810 (GCVE-0-2024-8810)

Vulnerability from cvelistv5 – Published: 2024-11-07 21:24 – Updated: 2024-11-08 15:47
VLAI
Title
Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access
Summary
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
GitHub Enterprise Server Affected: 3.10.0 , ≤ 3.10.16 (semver)
Affected: 3.11.0 , ≤ 3.11.14 (semver)
Affected: 3.12.0 , ≤ 3.12.8 (semver)
Affected: 3.13.0 , ≤ 3.13.3 (semver)
Affected: 3.14 , ≤ 3.14.0 (semver)
Create a notification for this product.
github enterprise_server Affected: 3.10.0 , ≤ 3.10.16 (semver)
Affected: 3.11.0 , ≤ 3.11.14 (semver)
Affected: 3.12.0 , ≤ 3.12.8 (semver)
Affected: 3.13.0 , ≤ 3.13.3 (semver)
Affected: 3.14.0 , < 3.14.1 (semver)
    cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
ahacker1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_server",
            "vendor": "github",
            "versions": [
              {
                "lessThanOrEqual": "3.10.16",
                "status": "affected",
                "version": "3.10.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "3.11.14",
                "status": "affected",
                "version": "3.11.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "3.12.8",
                "status": "affected",
                "version": "3.12.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "3.13.3",
                "status": "affected",
                "version": "3.13.0",
                "versionType": "semver"
              },
              {
                "lessThan": "3.14.1",
                "status": "affected",
                "version": "3.14.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T15:29:33.943526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:47:50.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.10.17",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.10.16",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.11.15",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.11.14",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.12.9",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.12.8",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.13.4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.13.3",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.14.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.14.0",
              "status": "affected",
              "version": "3.14",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ahacker1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App.\u003c/span\u003e This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
            }
          ],
          "value": "A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:C/RE:L/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T21:24:34.754Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2024-8810",
    "datePublished": "2024-11-07T21:24:34.754Z",
    "dateReserved": "2024-09-13T18:04:12.020Z",
    "dateUpdated": "2024-11-08T15:47:50.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8533 (GCVE-0-2024-8533)

Vulnerability from cvelistv5 – Published: 2024-09-12 20:06 – Updated: 2024-09-12 20:58
VLAI
Title
Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions
Summary
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Rockwell Automation 2800C OptixPanel™ Compact Affected: 4.0.0.325
Create a notification for this product.
Rockwell Automation 2800S OptixPanel™ Standard Affected: 4.0.0.350
Create a notification for this product.
Rockwell Automation Embedded Edge Compute Module Affected: 4.0.0.347
Create a notification for this product.
rockwellautomation 2800c_optixpanel_compact Affected: 4.0.0.325
    cpe:2.3:o:rockwellautomation:2800c_optixpanel_compact:4.0.0.325:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation 2800s_optixpanel_standard Affected: 4.0.0.350
    cpe:2.3:o:rockwellautomation:2800s_optixpanel_standard:4.0.0.350:*:*:*:*:*:*:*
Create a notification for this product.
rockwellautomation embedded_edge_compute_module Affected: 4.0.0.347
    cpe:2.3:o:rockwellautomation:embedded_edge_compute_module:4.0.0.347:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-09-12 13:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:rockwellautomation:2800c_optixpanel_compact:4.0.0.325:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "2800c_optixpanel_compact",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "4.0.0.325"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:rockwellautomation:2800s_optixpanel_standard:4.0.0.350:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "2800s_optixpanel_standard",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "4.0.0.350"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:rockwellautomation:embedded_edge_compute_module:4.0.0.347:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "embedded_edge_compute_module",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "4.0.0.347"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T20:17:47.897766Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T20:58:17.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "2800C OptixPanel\u2122 Compact",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0.325"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "2800S OptixPanel\u2122 Standard",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0.350"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Embedded Edge Compute Module",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0.347"
            }
          ]
        }
      ],
      "datePublic": "2024-09-12T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-12T20:06:20.913Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cbr\u003eAffected Product\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFirst Known in Software Version\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eCorrected in Software Version\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e2800C OptixPanel\u2122 Compact\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e4.0.0.325\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e4.0.2.116\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e2800S OptixPanel\u2122 Standard\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e4.0.0.350\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e4.0.2.123\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eEmbedded Edge Compute Module\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e4.0.0.347\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e4.0.2.106\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003eMitigations and Workarounds \u003cbr\u003eCustomers using the affected software are encouraged to apply security best practices\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Product\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in Software Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n2800C OptixPanel\u2122 Compact\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.0.325\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.2.116\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n2800S OptixPanel\u2122 Standard\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.0.350\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.2.123\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nEmbedded Edge Compute Module\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.0.347\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.2.106\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \nCustomers using the affected software are encouraged to apply security best practices\n\n  *  For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability."
        }
      ],
      "source": {
        "advisory": "SD1964",
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation OptixPanel\u2122 Privilege Escalation Vulnerability via File Permissions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-8533",
    "datePublished": "2024-09-12T20:06:20.913Z",
    "dateReserved": "2024-09-06T17:15:15.321Z",
    "dateUpdated": "2024-09-12T20:58:17.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8424 (GCVE-0-2024-8424)

Vulnerability from cvelistv5 – Published: 2024-11-07 23:27 – Updated: 2024-11-08 15:28
VLAI
Title
WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM
Summary
Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
WatchGuard EPDR Affected: 0 , < 8.00.23.0000 (semver)
Create a notification for this product.
WatchGuard Panda AD360 Affected: 0 , < 8.00.23.0000 (semver)
Create a notification for this product.
WatchGuard Panda Dome Affected: 0 , < 22.03.00 (semver)
Create a notification for this product.
watchguard epdr_firmware Affected: 0 , < 8.00.23.0000 (semver)
    cpe:2.3:o:watchguard:epdr_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
watchguard panda_ad360_firmware Affected: 0 , < 8.00.23.0000 (semver)
    cpe:2.3:o:watchguard:panda_ad360_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
watchgua panda_dome_firmware Affected: 0 , < 22.03.00 (semver)
    cpe:2.3:o:watchgua:panda_dome_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:watchguard:epdr_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epdr_firmware",
            "vendor": "watchguard",
            "versions": [
              {
                "lessThan": "8.00.23.0000",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:watchguard:panda_ad360_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "panda_ad360_firmware",
            "vendor": "watchguard",
            "versions": [
              {
                "lessThan": "8.00.23.0000",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:watchgua:panda_dome_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "panda_dome_firmware",
            "vendor": "watchgua",
            "versions": [
              {
                "lessThan": "22.03.00",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8424",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T15:24:55.190870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:28:51.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "PSANHost"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "EPDR",
          "vendor": "WatchGuard",
          "versions": [
            {
              "lessThan": "8.00.23.0000",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "PSANHost"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Panda AD360",
          "vendor": "WatchGuard",
          "versions": [
            {
              "lessThan": "8.00.23.0000",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "PSANHost"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Panda Dome",
          "vendor": "WatchGuard",
          "versions": [
            {
              "lessThan": "22.03.00",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.\u003cbr\u003e\u003cp\u003eThis issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00.\u003c/p\u003e"
            }
          ],
          "value": "Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.\nThis issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T00:57:31.232Z",
        "orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
        "shortName": "WatchGuard"
      },
      "references": [
        {
          "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00017"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
    "assignerShortName": "WatchGuard",
    "cveId": "CVE-2024-8424",
    "datePublished": "2024-11-07T23:27:50.279Z",
    "dateReserved": "2024-09-04T14:08:29.933Z",
    "dateUpdated": "2024-11-08T15:28:51.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8306 (GCVE-0-2024-8306)

Vulnerability from cvelistv5 – Published: 2024-09-11 15:05 – Updated: 2024-09-11 18:21
VLAI
Summary
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Schneider Electric Vijeo Designer Affected: Prior to V6.3 SP1
Create a notification for this product.
Schneider Electric Vijeo Designer embedded in EcoStruxure™ Machine Expert Affected: All Versions
Create a notification for this product.
schneider-electric vijeo_designer Affected: 0 , < 6.3 SP1 (custom)
    cpe:2.3:a:schneider-electric:vijeo_designer:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:vijeo_designer:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vijeo_designer",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThan": "6.3 SP1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:16:24.377142Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:21:20.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vijeo Designer",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to V6.3 SP1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vijeo Designer embedded in EcoStruxure\u2122 Machine Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized\naccess, loss of confidentiality, integrity and availability of the workstation when non-admin\nauthenticated user tries to perform privilege escalation by tampering with the binaries."
            }
          ],
          "value": "CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized\naccess, loss of confidentiality, integrity and availability of the workstation when non-admin\nauthenticated user tries to perform privilege escalation by tampering with the binaries."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T15:05:31.560Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-254-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-254-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-8306",
    "datePublished": "2024-09-11T15:05:31.560Z",
    "dateReserved": "2024-08-29T09:01:34.777Z",
    "dateUpdated": "2024-09-11T18:21:20.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8263 (GCVE-0-2024-8263)

Vulnerability from cvelistv5 – Published: 2024-09-23 20:12 – Updated: 2024-09-23 20:36
VLAI
Summary
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
GitHub GitHub Enterprise Server Affected: 3.14 , ≤ 3.14.0 (semver)
Affected: 3.13.0 , ≤ 3.13.3 (semver)
Affected: 3.12.0 , ≤ 3.12.8 (semver)
Affected: 3.11.0 , ≤ 3.11.14 (semver)
Affected: 3.10.0 , ≤ 3.10.16 (semver)
Create a notification for this product.
Credits
syvb
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T20:36:29.135789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-23T20:36:38.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "GitHub Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.14.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.14.0",
              "status": "affected",
              "version": "3.14",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.13.4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.13.3",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.12.9",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.12.8",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.11.15",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.11.14",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.10.17",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.10.16",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "syvb"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eAn improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u0026nbsp;This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-23T20:12:51.005Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2024-8263",
    "datePublished": "2024-09-23T20:12:51.005Z",
    "dateReserved": "2024-08-28T13:59:08.440Z",
    "dateUpdated": "2024-09-23T20:36:38.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8247 (GCVE-0-2024-8247)

Vulnerability from cvelistv5 – Published: 2024-09-06 03:30 – Updated: 2026-04-08 16:42
VLAI
Title
Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation
Summary
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
contrid Newsletters Affected: 0 , ≤ 4.9.9.2 (semver)
Create a notification for this product.
tribulant newsletters Affected: 0 , ≤ 4.9.9.2 (semver)
    cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
rajesh patil
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "newsletters",
            "vendor": "tribulant",
            "versions": [
              {
                "lessThanOrEqual": "4.9.9.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8247",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T13:34:40.204787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T13:37:42.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Newsletters",
          "vendor": "contrid",
          "versions": [
            {
              "lessThanOrEqual": "4.9.9.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "rajesh patil"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent \u0026 Draft Emails page of the plugin in order for this to be exploited."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:42:25.377Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2577102f-6355-4483-bd3d-1948497cb843?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newsletters-lite/tags/4.9.9.1/wp-mailinglist.php#L3279"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3146287%40newsletters-lite\u0026new=3146287%40newsletters-lite\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-05T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Newsletters \u003c= 4.9.9.2 - Authenticated Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-8247",
    "datePublished": "2024-09-06T03:30:40.728Z",
    "dateReserved": "2024-08-27T22:39:07.593Z",
    "dateUpdated": "2026-04-08T16:42:25.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8246 (GCVE-0-2024-8246)

Vulnerability from cvelistv5 – Published: 2024-09-14 03:19 – Updated: 2026-04-08 16:48
VLAI
Title
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation
Summary
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
themekraft Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Affected: 0 , ≤ 2.8.11 (semver)
Create a notification for this product.
themekraft post_form_registration_form_profile_form_for_user_profiles_and_content_forms Affected: 0 , ≤ 2.8.11 (custom)
    cpe:2.3:a:themekraft:post_form_registration_form_profile_form_for_user_profiles_and_content_forms:*:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
wesley
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:themekraft:post_form_registration_form_profile_form_for_user_profiles_and_content_forms:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "post_form_registration_form_profile_form_for_user_profiles_and_content_forms",
            "vendor": "themekraft",
            "versions": [
              {
                "lessThanOrEqual": "2.8.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T19:08:27.723383Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T19:09:35.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)",
          "vendor": "themekraft",
          "versions": [
            {
              "lessThanOrEqual": "2.8.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "wesley"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:48:24.571Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3149760/buddyforms/trunk/includes/admin/form-builder/meta-boxes/metabox-registration.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) \u003c= 2.8.11 - Authenticated (Contributor+) Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-8246",
    "datePublished": "2024-09-14T03:19:27.488Z",
    "dateReserved": "2024-08-27T21:04:46.301Z",
    "dateUpdated": "2026-04-08T16:48:24.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8100 (GCVE-0-2024-8100)

Vulnerability from cvelistv5 – Published: 2025-05-08 18:31 – Updated: 2025-05-08 18:57
VLAI
Title
On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
Summary
On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Arista Networks CloudVision Affected: 2024.3.0 (custom)
Affected: 2024.0 , ≤ 2024.2 (custom)
Affected: 2023.3.0 , ≤ 2023.3.1 (custom)
Affected: 2023.0 , ≤ 2023.2 (custom)
Affected: 2022 (custom)
Affected: 2021 (custom)
Affected: 2020 (custom)
Affected: 2019 (custom)
Affected: 2018 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8100",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:56:57.041097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T18:57:09.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CloudVision",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "2024.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2024.2",
              "status": "affected",
              "version": "2024.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2023.3.1",
              "status": "affected",
              "version": "2023.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2023.2",
              "status": "affected",
              "version": "2023.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2020",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2019",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2018",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo specific configuration is required to be vulnerable to CVE-2024-8100.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "No specific configuration is required to be vulnerable to CVE-2024-8100."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T18:31:39.114Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/software-download\"\u003eCVP Software downloads\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-8100 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e2024.1.3 and later releases in the 2024.1.x train\u003c/li\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003cli\u003e2025.1.0 and later releases in the 2025.1.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  CVP Software downloads https://www.arista.com/en/support/software-download \n\n\u00a0\n\nCVE-2024-8100 has been fixed in the following releases:\n\n  *  2024.1.3 and later releases in the 2024.1.x train\n  *  2024.2.2 and later releases in the 2024.2.x train\n  *  2024.3.1 and later releases in the 2024.3.x train\n  *  2025.1.0 and later releases in the 2025.1.x train"
        }
      ],
      "source": {
        "advisory": "116",
        "defect": [
          "BUG 994965"
        ],
        "discovery": "INTERNAL"
      },
      "title": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBest practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users.\u003c/p\u003e\u003cp\u003eSuccessful exploit generally requires one of the following:\u003c/p\u003e\u003col\u003e\u003cli\u003eA rogue or compromised internal user with Device enrollment read/write permissions\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR,\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003col\u003e\u003cli\u003eA valid device onboarding token that is easily accessible beyond the expected set of trusted users\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Best practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users.\n\nSuccessful exploit generally requires one of the following:\n\n  *  A rogue or compromised internal user with Device enrollment read/write permissions\nOR,\n\n\u00a0\n\n  *  A valid device onboarding token that is easily accessible beyond the expected set of trusted users\nIf all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2024-8100",
    "datePublished": "2025-05-08T18:31:39.114Z",
    "dateReserved": "2024-08-22T18:18:50.804Z",
    "dateUpdated": "2025-05-08T18:57:09.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.