CVE-2024-4999
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Amber
Summary
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ligowave | UNITY | 0 <= 6.95-2 | affected |
| Ligowave | PRO | 0 <= 6.95-1.rt3883 | affected |
| Ligowave | MIMO | 0 <= 6.95-1.rt2880 | affected |
| Ligowave | APC Propeller | 0 <= 2-5.95-4.rt3352 | affected |
Weaknesses
- CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Workarounds
This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.