PT-2024-26319 · Vitec · Vitec Avediaserver

Cumhur Kizilari

Published

2024-05-15

Updated

2024-05-16

CVE-2024-35102

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VITEC AvediaServer (Model avsrv-m8105) version 8.6.2-1

Description The issue allows a remote attacker to escalate privileges via a crafted script. This is due to an Insecure Permissions vulnerability.

Recommendations For VITEC AvediaServer (Model avsrv-m8105) version 8.6.2-1, consider restricting access to the system until a patch is available to prevent privilege escalation. As a temporary workaround, review and secure any scripts that may be used to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2024-35102

Affected Products

Vitec Avediaserver

PT-2024-26319 · Vitec · Vitec Avediaserver

CVE-2024-35102

Related Identifiers

Affected Products

References · 4