github - ghsa-jq63-f9q2-ph96

ghsa-jq63-f9q2-ph96

Vulnerability from github

Published

2024-12-11 18:30

Modified

2024-12-11 18:30

Details

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-28140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-11T16:15:10Z",
    "severity": null
  },
  "details": "The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user.\u00a0This can be confirmed by running \"ps aux\" as the root user and observing the output.",
  "id": "GHSA-jq63-f9q2-ph96",
  "modified": "2024-12-11T18:30:42Z",
  "published": "2024-12-11T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28140"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/imageaccess"
    },
    {
      "type": "WEB",
      "url": "https://www.imageaccess.de/?page=SupportPortal\u0026lang=en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2024-28140

Vulnerability from cvelistv5

Published

2024-12-11 15:48

Modified

2024-12-11 17:26

Severity ?

6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Violation of Least Privilege Principle

References

▼	URL	Tags
	https://r.sec-consult.com/imageaccess	third-party-advisory
	https://www.imageaccess.de/?page=SupportPortal&lang=en	patch

Impacted products

Vendor

Product

Version

▼

Image Access GmbH

Scan2Net

Version: 0 < 7.42

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28140",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T17:19:48.898302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T17:26:17.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Scan2Net",
          "vendor": "Image Access GmbH",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.42",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Hirschberger (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Tobias Niemann (SEC Consult Vulnerability Lab)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eThe scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis can be confirmed by running \"ps aux\" as the root user and observing the output.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e"
            }
          ],
          "value": "The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user.\u00a0This can be confirmed by running \"ps aux\" as the root user and observing the output."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SEC Consult Vulnerability Lab has published proof of concept material in the technical security advisory.\u003cbr\u003e"
            }
          ],
          "value": "The SEC Consult Vulnerability Lab has published proof of concept material in the technical security advisory."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-11T15:48:22.287Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/imageaccess"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.imageaccess.de/?page=SupportPortal\u0026lang=en"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vendor provides a firmware update to version 7.42 (or higher) which can be downloaded via the vendor\u0027s customer server portal.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The vendor provides a firmware update to version 7.42 (or higher) which can be downloaded via the vendor\u0027s customer server portal."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Violation of Least Privilege Principle",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2024-28140",
    "datePublished": "2024-12-11T15:48:22.287Z",
    "dateReserved": "2024-03-05T09:15:40.201Z",
    "dateUpdated": "2024-12-11T17:26:17.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted