CVE-2024-11013

Summary

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationUNIVERGE IXfrom Ver9.2 to Ver10.10.21affected
NEC CorporationUNIVERGE IXfor Ver10.8 up to Ver10.8.27affected
NEC CorporationUNIVERGE IXfor Ver10.9 up to Ver10.9.14affected
NEC CorporationUNIVERGE IX-R/IX-VVer1.2.15 and earlieraffected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References