CVE-2024-31843

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
4.1 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
italtelembrace
1.6.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.gruppotim.it/it/footer/red-team.html
https://www.gruppotim.it/it/footer/red-team.html