exploitDog

CVE-2024-39755

Опубликовано: 03 окт. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2060
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:veertu:anka_build_cloud:1.42.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00082

Низкий

7.8 High

CVSS3

Дефекты

CWE-282

Связанные уязвимости

GHSA-2jm4-m62p-325r

CVSS3: 7.8

github

больше 1 года назад

A privilege escalation vulnerability exists in the Veertu Anka Build 1.42.0. The vulnerability occurs during Anka node agent update. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

EPSS

Процентиль: 24%

0.00082

Низкий

7.8 High

CVSS3

Дефекты

CWE-282