CVE-2024-31408 | THREATINT

Description

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.

PUBLISHED Reserved 2024-09-26 | Published 2024-11-22 | Updated 2024-12-05 | Assigner jpcert

HIGH: 8.0CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.11 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.7.10 and earlier

affected

firmware Ver.3.01 and earlier

affected

firmware Ver.3.01 and earlier

affected

firmware Ver.3.00 and earlier

affected

firmware Ver.3.00 and earlier

affected

firmware Ver.3.00 and earlier

affected

firmware Ver.3.00 and earlier

affected

firmware Ver.3.00 and earlier

affected

firmware Ver.3.01 and earlier

affected

firmware Ver.3.01 and earlier

affected

firmware Ver.3.00 and earlier

affected

References

www.aiphone.net/important/20241016_1/

www.aiphone.net/important/20241016_2/

www.aiphone.net/support/software-documents/ix/

www.aiphone.net/support/software-documents/ixg/

jvn.jp/en/jp/JVN41397971/

cve.org (CVE-2024-31408)

nvd.nist.gov (CVE-2024-31408)

Download JSON