Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-12903
Received
More InfoOfficial Page
Source-cve-coordination@incibe.es
View Known Exploited Vulnerability (KEV) details
Published At-23 Dec, 2024 | 13:15
Updated At-23 Dec, 2024 | 13:15

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-276Primarycve-coordination@incibe.es
CWE ID: CWE-276
Type: Primary
Source: cve-coordination@incibe.es
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-homecve-coordination@incibe.es
N/A
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home
Source: cve-coordination@incibe.es
Resource: N/A
Change History
0Changes found
Details not found