Description

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

Classification

Assigner: [email protected]

CWE: CWE-78

Links
CPEs
  • asus download_master

CVSS

CVSS version: 3.1 Base score: 7.2
Base severity: HIGH Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.2 Impact score: 5.9

Can you explain the CVE description?

This CVE description is for a vulnerability identified as CVE-2024-31162. The vulnerability exists in the specific function parameter of ASUS Download Master, where user input is not properly filtered. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. The CVSS score for this vulnerability is 7.2, indicating a high severity level. The vulnerability is classified under CWE-78, which is related to Improper Neutralization of Special Elements used in an OS Command. The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. The exploitability score is 1.2, and the impact score is 5.9. The vector CVSS is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited remotely, requires low access complexity, has high privileges required, no user interaction needed, scope is unchanged, and impact includes confidentiality, integrity, and availability. The vendor, product, and version information is not provided in the description. The CVE report can be accessed at the provided link. The assigner of this CVE is [email protected].

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being used as an initial entry point for an attacker to gain unauthorized access to the targeted device. Once the attacker successfully exploits the vulnerability in ASUS Download Master to execute arbitrary system commands, they can then escalate their privileges and potentially move laterally within the network to access sensitive data or launch further attacks. The attacker could use the compromised device to launch additional attacks on other devices within the network, exfiltrate data, or disrupt services. By exploiting this vulnerability, the attacker can potentially cause significant harm to the organization, resulting in data breaches, financial losses, and reputational damage. Overall, this vulnerability provides a critical opportunity for an attacker to compromise the security of the device and the network it is connected to, making it a key component in an attack tree.


Generated on: 2024-07-01