Description

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-276

Links
CPEs
  • toshibatec product version

CVSS

CVSS version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability score: 1.4
Impact score: 5.2

Can you explain the CVE description?

This Common Vulnerabilities and Exposures (CVE) description covers the vulnerability identified as CVE-2024-27180. The vulnerability allows an attacker with admin access to install rogue applications. The affected products, models, and versions are not specified in the description but can be found in the reference URLs provided.

The Common Vulnerability Scoring System (CVSS) base score for this vulnerability is 6.7, which places it at medium severity. The CVSS vector has the following characteristics: Attack Vector (AV) is Local (L), Attack Complexity (AC) is High (H), Privileges Required (PR) is None (N), User Interaction (UI) is None (N), Scope (S) is Unchanged (U), Confidentiality Impact (C) is None (N), Integrity Impact (I) is High (H), and Availability Impact (A) is High (H). The exploitability score is 1.4, and the impact score is 5.2.

The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. It is associated with the Common Weakness Enumeration (CWE) identifier CWE-276. The description includes links to reference URLs where more information about the vulnerability can be found. The assigner of this CVE is identified as ecc0f906-8666-484c-bcf8-c3b7520a72f0.

How can this vulnerability be part of an attack tree?

One possible attack tree involving this vulnerability could be as follows:

1. Attacker gains admin access to the system.
2. Attacker identifies the vulnerability that allows them to install rogue applications.
3. Attacker exploits the vulnerability to install a rogue application on the system.
4. Rogue application gains access to sensitive information on the system.
5. Attacker exfiltrates the sensitive information for malicious purposes.

By following this attack tree, the attacker can leverage the vulnerability described in CVE-2024-27180 to gain unauthorized access to sensitive information on the system and exfiltrate it for their own gain.


Generated on: 2024-07-05