CVE-2024-10035

Summary

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation.

This issue affects CoslatV3: through 3.1069.

NOTE: The vendor was contacted and it was learned that the product is not supported.

Affected Software

VendorProductVersion RangeStatus
BG-TEK Informatics Security TechnologiesCoslatV30 <= 3.1069affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References