Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-11664

Date: November 25, 2024

A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue.

Language: Python

Severity Score

Related Resources (10)

https://www.youtube.com/watch?v=FJVFtNb4_qA
https://vuldb.com/?submit.447374
https://github.com/eNMS-automation/eNMS/pull/419/commits/22b0b443acca740fc83b5544165c1f53eff3f529
https://github.com/eNMS-automation/eNMS/pull/419
https://nvd.nist.gov/vuln/detail/CVE-2024-11664
https://vuldb.com/?ctiid.285986
https://mega.nz/folder/ZhIiDQaI#TUJCRV-XN41L-WEVAu0sWg
https://github.com/eNMS-automation/eNMS/pull/419#issuecomment-2495640750
https://vuldb.com/?id.285986
https://www.mend.io/vulnerability-database/CVE-2024-11664

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us