CVE-2024-12903
CVSS V2 None
CVSS V3 None
Description
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).
Overview
- CVE ID
- CVE-2024-12903
- Assigner
- INCIBE
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-23T12:41:12.704Z
- Last Modified Date
- 2024-12-24T01:59:35.383Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-12903 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12903 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-12-24 13:13:03 | Added to TrackCVE |