Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-27494

Опубликовано: 11 мар. 2025
Источник: nvd
CVSS3: 9.1
CVSS3: 7.2
EPSS Низкий

Описание

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:sipass_integrated_ac5102_\(acc-g2\)_firmware:*:*:*:*:*:*:*:*
Версия до 6.4.9 (исключая)
cpe:2.3:h:siemens:sipass_integrated_ac5102_\(acc-g2\):-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:sipass_integrated_acc-ap_firmware:*:*:*:*:*:*:*:*
Версия до 6.4.9 (исключая)
cpe:2.3:h:siemens:sipass_integrated_acc-ap:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00265
Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-m2p6-m8pm-fvcc

CVSS3: 9.1
github
11 месяцев назад

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

EPSS

Процентиль: 50%
0.00265
Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo