CVE-2024-22078

CVSS 8.8 HIGHEPSS 0.6%CWE-280

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.6%KEV nãoPoC —Patch —

Lifecycle

Mar 20, 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.elspec-ltd.com/support/security-advisories/