CVE-2024-2162

Summary

An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.

This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

Affected Software

VendorProductVersion RangeStatus
KiloviewNDIN3 Firmware 2.02.0227unaffected
KiloviewNDIN3-s Firmware 2.02.0227unaffected
KiloviewNDIN4 Firmware 2.02.0227unaffected
KiloviewNDIN20 Firmware 2.02.0227unaffected
KiloviewNDIN30 Firmware 2.02.0227unaffected
KiloviewNDIN40 Firmware 2.02.0227unaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Workarounds

Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References