CVE-2024-6206

{"id": "CVE-2024-6206", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-06-25T20:15:14.210", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US", "source": "security-alert@hpe.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de seguridad en el software HPE Athonet Mobile Core. La aplicaci\u00f3n principal contiene una vulnerabilidad de inyecci\u00f3n de c\u00f3digo donde un actor de amenazas podr\u00eda ejecutar comandos arbitrarios con el privilegio del contenedor subyacente, lo que llevar\u00eda a tomar el control completo del sistema de destino."}], "lastModified": "2024-08-08T14:35:13.290", "sourceIdentifier": "security-alert@hpe.com"}