CVE-2024-22062 MEDIUM

CVE-2024-22062: Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI

Vendor Zte
Product ZXCLOUD IRAI
Weakness CWE-346 · Origin validation
Published July 9, 2024
Last update August 1, 2024

CVSS base score

6.3/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.

Key dates

02Disclosure timeline

July 9, 2024 CVE published
August 1, 2024 Record updated