CVE-2024-23970

Опубликовано: 31 янв. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.

Ссылки

https://www.zerodayinitiative.com/advisories/ZDI-24-1052/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:chargepoint:home_flex_nema_14-50_plug_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chargepoint:home_flex_nema_14-50_plug:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:chargepoint:home_flex_hardwired_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chargepoint:home_flex_hardwired:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:chargepoint:home_flex_nema_6-50_plug_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chargepoint:home_flex_nema_6-50_plug:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00133

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-rx56-hv52-ppxp

CVSS3: 6.5

github

около 1 года назад

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.

EPSS

Процентиль: 34%

0.00133

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295