CVE-2024-56839 | THREATINT

Description

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

PUBLISHED Reserved 2025-01-03 | Published 2025-12-09 | Updated 2025-12-09 | Assigner siemens

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Product status

Default status

unknown

Any version before V2.17.0

affected

References

cert-portal.siemens.com/productcert/html/ssa-912274.html

cve.org (CVE-2024-56839)

nvd.nist.gov (CVE-2024-56839)

Download JSON