Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-29122

Summary
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At-05 Nov, 2024 | 15:24
Updated At-05 Nov, 2024 | 18:58
Rejected At-
Credits

Incorrect file ownership of privileged service's libraries in Enel X JuiceBox

Under certain conditions, access to service libraries is granted to account they should not have access to.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ASRG
Assigner Org ID:c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At:05 Nov, 2024 | 15:24
Updated At:05 Nov, 2024 | 18:58
Rejected At:
▼CVE Numbering Authority (CNA)
Incorrect file ownership of privileged service's libraries in Enel X JuiceBox

Under certain conditions, access to service libraries is granted to account they should not have access to.

Affected Products
Vendor
Enel X
Product
JuiceBox Pro 3.0 22kW Cellular
Modules
  • Internal Service's Libraries
Default Status
unaffected
Versions
Affected
  • From 0 through 2.1.1.0_JB3VU096A (custom)
Problem Types
TypeCWE IDDescription
CWECWE-708CWE-708: Incorrect Ownership Assignment
Type: CWE
CWE ID: CWE-708
Description: CWE-708: Incorrect Ownership Assignment
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Artem Ivachev (PCAutomotive)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
N/A
Hyperlink: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
enel_x
Product
juicebox_pro3.0_22kw_cellular
CPEs
  • cpe:2.3:a:enel_x:juicebox_pro3.0_22kw_cellular:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through 2.1.1.0_JB3VU096A (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@asrg.io
Published At:05 Nov, 2024 | 16:15
Updated At:06 Nov, 2024 | 18:17

Under certain conditions, access to service libraries is granted to account they should not have access to.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-708Secondarycve@asrg.io
CWE ID: CWE-708
Type: Secondary
Source: cve@asrg.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdfcve@asrg.io
N/A
Hyperlink: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Source: cve@asrg.io
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2023-20043
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.91%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:36
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cx_cloud_agentCisco CX Cloud Agent
CWE ID-CWE-708
Incorrect Ownership Assignment
CWE ID-CWE-276
Incorrect Default Permissions
Details not found