PT-2024-32880 · Intermesh · Intermesh 7707 Fire Subscriber+1
Jean Pereira
·
Published
2024-10-23
·
Updated
2024-10-30
·
CVE-2024-47904
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
InterMesh 7177 Hybrid 2.0 Subscriber versions prior to 8.2.12
InterMesh 7707 Fire Subscriber versions prior to 7.2.12
Description
A vulnerability has been identified that could allow an authenticated local attacker to execute arbitrary commands with root privileges due to a SUID binary. This issue affects devices where the IP interface is enabled, although this is not the default configuration.
Recommendations
For InterMesh 7177 Hybrid 2.0 Subscriber versions prior to 8.2.12, update to version 8.2.12 or later.
For InterMesh 7707 Fire Subscriber versions prior to 7.2.12, update to version 7.2.12 or later, especially if the IP interface is enabled.
Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intermesh 7177 Hybrid 2.0 Subscriber
Intermesh 7707 Fire Subscriber