CVE-2023-29122

Incorrect file ownership of privileged service's libraries in Enel X JuiceBox

CVSS 6.7 MEDIUMEPSS 0.2%CWE-708

In short

A vulnerability in Enel X JuiceBox allows unauthorized user accounts to access libraries that should be restricted to a privileged service. This can lead to unauthorized modification or misuse of critical service components.

Technical detail

CWE-708 (Incorrect Ownership Assignment) affects Enel X JuiceBox service libraries, where file ownership is incorrectly configured under certain conditions, allowing non-privileged accounts read or write access to sensitive service files. Exploitation requires local access and knowledge of the vulnerable library paths; impact includes potential privilege escalation or service compromise through library manipulation.

Summary generated and translated by AI from the official description.

Under certain conditions, access to service libraries is granted to account they should not have access to.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Enel X · JuiceBox Pro 3.0 22kW Cellular

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf