Incorrect default permissions vulnerability in Evoko Home, affecting versions 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. Full control permissions are granted to the ‘Everyone’ group (i.e. any user who has local access to the operating system, regardless of their privileges).
History

Tue, 24 Dec 2024 02:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Dec 2024 13:00:00 +0000

Type | Values Removed | Values Added
Description | | Incorrect default permissions vulnerability in Evoko Home, affecting versions 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. Full control permissions are granted to the ‘Everyone’ group (i.e. any user who has local access to the operating system, regardless of their privileges).
Title | | Incorrect default permissions in Biamp Evoko Home
Weaknesses | | CWE-276
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-12-23T12:41:12.704Z

Updated: 2024-12-24T01:59:35.383Z

Reserved: 2024-12-23T11:33:35.547Z

Link: CVE-2024-12903

Vulnrichment

Updated: 2024-12-24T01:59:19.621Z

NVD

Status: Received

Published: 2024-12-23T13:15:06.390

Modified: 2024-12-23T13:15:06.390

Link: CVE-2024-12903

Redhat

No data.