← back
CVE-2024-2007

OpenBMB XAgent Privileged Mode sandbox

CVSS 5.3 MEDIUMEPSS 0.3%CWE-265
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
OpenBMB · XAgent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/OpenBMB/XAgent/issues/386https://vuldb.com/?ctiid.255265https://vuldb.com/?id.255265