CVE-2024-4163

Name of the Vulnerable Software and Affected Versions Skylab IGX IIoT Gateway (affected versions not specified)

Description The Skylab IGX IIoT Gateway has a security issue where the limited shell terminal process runs under root privileges, allowing an attacker to read, write, and modify any file in the operating system. This can be achieved by utilizing the limited shell file exec and download functions. An attacker can replace the /etc/passwd file with a new root user entry, enabling them to breakout from the limited shell and login to an unrestricted shell with root access. With root access, the attacker can take full control of the IIoT Gateway.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.