CVE-2024-2422

Summary

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

Affected Software

VendorProductVersion RangeStatus
LenelS2NetBoxAll <= 5.6.1affected

Weaknesses

  • CWE-88: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References