PT-2024-21370 · Evertz Microsystems · 570Ipg-X19-10G+4
Notnotnotveg
·
Published
2024-05-14
·
Updated
2024-11-06
·
CVE-2024-26367
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Evertz microsystems MViP-II Firmware version 8.6.5
Evertz microsystems XPS-EDGE-* Build 1467
Evertz microsystems evEDGE-EO-* Build 0029
Evertz microsystems MMA10G-* Build 0498
Evertz microsystems 570IPG-X19-10G Build 0691
Description
The issue allows a remote attacker to execute arbitrary code via a crafted payload to the
login parameters. This can lead to unauthorized access.Recommendations
For Evertz microsystems MViP-II Firmware version 8.6.5, update the firmware to a version that includes the fix for this issue.
For Evertz microsystems XPS-EDGE-* Build 1467, update the build to a version that includes the fix for this issue.
For Evertz microsystems evEDGE-EO-* Build 0029, update the build to a version that includes the fix for this issue.
For Evertz microsystems MMA10G-* Build 0498, update the build to a version that includes the fix for this issue.
For Evertz microsystems 570IPG-X19-10G Build 0691, update the build to a version that includes the fix for this issue.
As a temporary workaround, consider validating input for the
login parameters to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
570Ipg-X19-10G
Mma10G-*
Mvip-Ii
Xps-Edge-*
Evedge-Eo-*