CVE-2024-42017

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mitreCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Common Weakness Enumeration
References
https://eviden.com
https://support.bull.com/ols/product/security/psirt/security-bulletins/multiple-critical-vulnerabilities-in-icare-psirt-625-tlp-clear-version-0-7-cve-2024-42017/view