CVE-2024-42017 CRITICAL

Vendor N/A
Product N/A
Published September 30, 2024
Last update October 29, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

What the vulnerability does

01 Description

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privileges on the endpoint hosting the application, without any authentication.

Key dates

02 Disclosure timeline

September 30, 2024 CVE published
October 29, 2024 Record updated