CVE-2024-4229

CVSS 7.8 HIGHEPSS 0.2%CWE-276

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

19 dez 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

Edgecross Consortium · Edgecross Basic Software for Developers Edgecross Consortium · Edgecross Basic Software for Windows

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://jvn.jp/vu/JVNVU92857077/index.html https://www.edgecross.org/client_info/EDGECROSS/view/userweb/ext/en/data-download/pdf/ECD-TE10-0003-01-EN.pdf