CVE-2024-6071 CRITICAL

CVE-2024-6071: PTC Creo Elements/Direct License Server Missing Authorization

Vendor Ptc
Product Creo Elements/Direct License
Weakness CWE-862 · Missing authorization
Published June 27, 2024
Last update August 1, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

Key dates

02Disclosure timeline

June 27, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE