{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21878", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2024-01-02T18:30:11.174Z", "datePublished": "2024-08-10T17:44:48.892Z", "dateUpdated": "2024-08-12T14:30:47.907Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2024-08-10T17:44:48.892Z"}, "title": "Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x", "datePublic": "2024-08-10T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "Enphase", "product": "Envoy", "versions": [{"status": "affected", "version": "8.x", "lessThan": "8.2.4225", "versionType": "semver"}, {"status": "affected", "version": "7.x", "versionType": "semver"}, {"status": "affected", "version": "6.x", "versionType": "semver"}, {"status": "affected", "version": "5.x", "versionType": "semver"}, {"status": "affected", "version": "4.x", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.<p>This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.</p>"}]}], "references": [{"url": "https://csirt.divd.nl/CVE-2024-21878", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2024-00011", "tags": ["related"]}, {"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-3", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "NOT_DEFINED", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "Chain of CVE-2024-21876, CVE-2024-21877 and CVE-2024-21878"}], "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "NOT_DEFINED", "baseSeverity": "CRITICAL", "baseScore": 9.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H"}}], "workarounds": [{"lang": "en", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.\nThis will ensure that the likelihood of any attacks that can get access to the OS and thus abuse this vulnerability is reduced.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.<br>This will ensure that the likelihood of any attacks that can get access to the OS and thus abuse this vulnerability is reduced."}]}], "solutions": [{"lang": "en", "value": "Devices are remotely being updated by the vendor.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Devices are remotely being updated by the vendor."}]}], "credits": [{"lang": "en", "value": "Wietse Boonstra of DIVD", "type": "finder"}, {"lang": "en", "value": "Hidde Smit of DIVD", "type": "finder"}, {"lang": "en", "value": "Frank Breedijk of DIVD", "type": "analyst"}, {"lang": "en", "value": "Max van der Horst of DIVD", "type": "analyst"}], "source": {"advisory": "DIVD-2024-00011", "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "enphase", "product": "envoy", "cpes": ["cpe:2.3:h:enphase:envoy:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.0", "status": "affected", "lessThan": "8.2.4225", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T14:27:02.414547Z", "id": "CVE-2024-21878", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:30:47.907Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21878", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-12T14:27:02.414547Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:enphase:envoy:*:*:*:*:*:*:*:*"], "vendor": "enphase", "product": "envoy", "versions": [{"status": "affected", "version": "4.0", "lessThan": "8.2.4225", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:30:39.302Z"}}], "cna": {"title": "Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x", "source": {"advisory": "DIVD-2024-00011", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Wietse Boonstra of DIVD"}, {"lang": "en", "type": "finder", "value": "Hidde Smit of DIVD"}, {"lang": "en", "type": "analyst", "value": "Frank Breedijk of DIVD"}, {"lang": "en", "type": "analyst", "value": "Max van der Horst of DIVD"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 7.1, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 9.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "Chain of CVE-2024-21876, CVE-2024-21877 and CVE-2024-21878"}]}], "affected": [{"vendor": "Enphase", "product": "Envoy", "versions": [{"status": "affected", "version": "8.x", "lessThan": "8.2.4225", "versionType": "semver"}, {"status": "affected", "version": "7.x", "versionType": "semver"}, {"status": "affected", "version": "6.x", "versionType": "semver"}, {"status": "affected", "version": "5.x", "versionType": "semver"}, {"status": "affected", "version": "4.x", "versionType": "semver"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Devices are remotely being updated by the vendor.", "supportingMedia": [{"type": "text/html", "value": "Devices are remotely being updated by the vendor.", "base64": false}]}], "datePublic": "2024-08-10T17:00:00.000Z", "references": [{"url": "https://csirt.divd.nl/CVE-2024-21878", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2024-00011", "tags": ["related"]}, {"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-3", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.\nThis will ensure that the likelihood of any attacks that can get access to the OS and thus abuse this vulnerability is reduced.", "supportingMedia": [{"type": "text/html", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.<br>This will ensure that the likelihood of any attacks that can get access to the OS and thus abuse this vulnerability is reduced.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.<p>This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2024-08-10T17:44:48.892Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21878", "state": "PUBLISHED", "dateUpdated": "2024-08-12T14:30:47.907Z", "dateReserved": "2024-01-02T18:30:11.174Z", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2024-08-10T17:44:48.892Z", "assignerShortName": "DIVD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "045C0178-42FE-4511-A182-AF3BA9545EF0", "versionEndExcluding": "8.2.4225", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "75882BE4-CF58-44B5-BA30-DD13BDFF78C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched."}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando (\"Inyecci\u00f3n de comando\") en Enphase IQ Gateway (anteriormente conocido como Envoy) permite la inyecci\u00f3n de comando del sistema operativo. Esta vulnerabilidad est\u00e1 presente en un script interno. Este problema afecta a Envoy: desde 4.x hasta 8.x inclusive y actualmente no est\u00e1 parcheado."}], "id": "CVE-2024-21878", "lastModified": "2024-08-23T17:52:11.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "IRRECOVERABLE", "safety": "PRESENT", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:I/V:C/RE:H/U:X", "version": "4.0", "vulnerabilityResponseEffort": "HIGH", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "csirt@divd.nl", "type": "Secondary"}]}, "published": "2024-08-12T13:38:15.107", "references": [{"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2024-21878"}, {"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/DIVD-2024-00011"}, {"source": "csirt@divd.nl", "tags": ["Vendor Advisory"], "url": "https://enphase.com/cybersecurity/advisories/ensa-2024-3"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "csirt@divd.nl", "type": "Secondary"}]}

{}