CVE-2024-51721 (GCVE-0-2024-51721)
Vulnerability from cvelistv5
Published
2024-11-12 18:05
Modified
2024-11-12 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | SecuSUITE |
Version: 5.0.420 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blackberry:secusuite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secusuite",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "5.0.420"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T21:32:19.174330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:34:23.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SecuSUITE Server Web Administration Portal"
],
"product": "SecuSUITE",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "5.0.420"
}
]
}
],
"datePublic": "2024-11-12T18:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecode injection\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e vulnerability in the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecuSUITE\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServer Web Administration Portal \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecuSUITE\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e versions 5.0.420 and earlier could allow an attacker to potentially \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einject script commands or other executable content into the server that would run with root privilege.\u003c/span\u003e"
}
],
"value": "A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:43:15.094Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140220"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-51721",
"datePublished": "2024-11-12T18:05:32.232Z",
"dateReserved": "2024-10-30T17:19:06.485Z",
"dateUpdated": "2024-11-12T21:34:23.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-51721\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T21:32:19.174330Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:blackberry:secusuite:*:*:*:*:*:*:*:*\"], \"vendor\": \"blackberry\", \"product\": \"secusuite\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.420\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T21:34:19.045Z\"}}], \"cna\": {\"title\": \"Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-132\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-132 Symlink Attack\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"BlackBerry\", \"modules\": [\"SecuSUITE Server Web Administration Portal\"], \"product\": \"SecuSUITE\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.420\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-11-12T18:03:00.000Z\", \"references\": [{\"url\": \"https://support.blackberry.com/pkb/s/article/140220\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecode injection\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e vulnerability in the \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSecuSUITE\u003c/span\u003e \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eServer Web Administration Portal \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eof \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSecuSUITE\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e versions 5.0.420 and earlier could allow an attacker to potentially \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003einject script commands or other executable content into the server that would run with root privilege.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"shortName\": \"blackberry\", \"dateUpdated\": \"2024-11-12T18:43:15.094Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-51721\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T21:34:23.825Z\", \"dateReserved\": \"2024-10-30T17:19:06.485Z\", \"assignerOrgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"datePublished\": \"2024-11-12T18:05:32.232Z\", \"assignerShortName\": \"blackberry\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…