CVE-2024-11013

Published Nov 29, 2024

Last updated a month ago

CVSS high 7.2

Overview

Description
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface.
Source
psirt-info@cyber.jp.nec.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt-info@cyber.jp.nec.com
CWE-77

Social media

Hype score
Not currently trending

  1. CVE-2024-11013 | CVE https://t.co/FxFjAZLLs7

    @cotodaman

    6 Dec 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-11013 (CVSS:7.2, HIGH) is Awaiting Analysis. Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27,..https://t.co/76fZQKtY5r #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    4 Dec 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. JVN#53958863: UNIVERGE IX/IX-R/IX-Vシリーズルータにおける複数の脆弱性 https://t.co/lFTCUwtOmP ”影響を受けるシステム CVE-2024-11013  UNIVERGE IXシリーズ  UNIVERGE IX-R/IX-Vシリーズ CVE-2024-11014  UNIVERGE IXシリーズ”

    @catnap707

    2 Dec 2024

    192 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-11013 Critical Command Injection Vulnerability in NEC UNIVERGE IX Devices NEC Corporation UNIVERGE IX devices have a Command Injection vulnerability. This affects versions from Ver9.2 to Ver10.10.21, Ver... https://t.co/jVaNe5SvaI

    @VulmonFeeds

    30 Nov 2024

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. NECの法人向けルーターに脆弱性を報告しました。CVE-2024-11013についてはユーザーに悪意がなくてもコマンドインジェクションが成立するためご注意ください。 また、一部EOL製品については更新が行われておりませんので、回避策の実施か後継製品への置換を推奨いたします! https://t.co/ypaVmx4Txy

    @ryotkak

    29 Nov 2024

    28124 Impressions

    120 Retweets

    248 Likes

    53 Bookmarks

    1 Reply

    7 Quotes

  6. CVE-2024-11013 Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-… https://t.co/lnwWOuQHFU

    @CVEnew

    29 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References