PT-2024-16701 · Nec · Univerge Ix+1

Ryotak · Published 2024-11-29 · Updated 2024-12-04 · CVE-2024-11013

CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
NEC Corporation UNIVERGE IX versions Ver9.2 through Ver10.10.21
NEC Corporation UNIVERGE IX versions Ver10.8 through Ver10.8.27
NEC Corporation UNIVERGE IX versions Ver10.9 through Ver10.9.14
NEC Corporation UNIVERGE IX-R/IX-V version Ver1.2.15 and earlier

Description
The issue allows an attacker to inject arbitrary CLI commands through the management (administration) interface. The injected commands are then executed on the device.

Recommendations
For NEC Corporation UNIVERGE IX versions Ver9.2 through Ver10.10.21, consider disabling access to the management interface until a patch is available.
For NEC Corporation UNIVERGE IX versions Ver10.8 through Ver10.8.27, restrict access to the administration interface to minimize the risk of exploitation.
For NEC Corporation UNIVERGE IX versions Ver10.9 through Ver10.9.14, avoid using the management interface for critical operations until the issue is resolved.
For NEC Corporation UNIVERGE IX-R/IX-V version Ver1.2.15 and earlier, consider applying configuration changes to limit the attack surface of the device.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-11013

Affected Products

Univerge Ix
Univerge Ix-R/Ix-V