CVE-2024-52959

A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.

CVSS

No CVSS.

References

Link	Resource
https://zuso.ai/advisory/za-2024-12

Configurations

No configuration.

History

27 Nov 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-27 06:15

Updated : 2024-11-27 06:15

NVD link : CVE-2024-52959

Mitre link : CVE-2024-52959

CVE.ORG link : CVE-2024-52959

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-52959", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ART@zuso.ai", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-27T06:15:19.083", "references": [{"url": "https://zuso.ai/advisory/za-2024-12", "source": "ART@zuso.ai"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "ART@zuso.ai", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file."}, {"lang": "es", "value": "Una vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo ('inyecci\u00f3n de c\u00f3digo') en la gesti\u00f3n de complementos en iota C.ai Conversational Platform desde la versi\u00f3n 1.0.0 hasta la 2.1.3 permite a usuarios autenticados remotos ejecutar comandos arbitrarios del sistema a trav\u00e9s de un archivo DLL."}], "lastModified": "2024-11-27T06:15:19.083", "sourceIdentifier": "ART@zuso.ai"}

CVE-2024-52959

JSON object

Attach tags to CVE-2024-52959

Attach tags to `CVE-2024-52959`