CVE-2024-50597

{"id": "CVE-2024-50597", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-02T14:15:44.390", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c"}, {"lang": "es", "value": "Existe una vulnerabilidad de bajo flujo de enteros en el servidor HTTP, poner la funcionalidad de solicitud de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Un paquete de red especialmente manipulado puede conducir a la negaci\u00f3n del servicio. Un atacante puede enviar un paquete malicioso para activar esta vulnerabilidad. Esta vulnerabilidad afecta la implementaci\u00f3n del servidor HTTP del componente duo NetX que se puede encontrar en X-Cube-Azrtos-F7 \\ MiddleWares \\ ST \\ NetXDUO \\ Addons \\ Http \\ nxd_http_server.c"}], "lastModified": "2025-09-05T16:46:20.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5F8DB8-6A3C-492D-8B9D-2211A3FB2C07"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A69A0188-96F6-40C7-A2BE-8760297E6249"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF242900-643B-444B-9DE7-0373C810EA22"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE45297-82B1-4E0B-85DF-4A3C4EEC0391"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14B5944-7E42-45CD-8053-276C8787FC10"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F44785CF-9D3D-44AB-8E92-50C9471C6481"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B78921-0E36-459A-AC17-94AC6AF8847F"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58BA08A3-2A44-43CF-8302-082E44D1B070"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "163D6B0F-2A31-401D-A1CD-EC77357767BC"}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CD0D34C-C260-4DC4-99A9-24F4C610C710"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}