CVE-2024-21881 - OpenCVE

Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Enphase	Envoy

No data.

No data.

References

Link	Providers
https://csirt.divd.nl/CVE-2024-21881
https://csirt.divd.nl/DIVD-2024-00011
https://enphase.com/cybersecurity/advisories/ensa-2024-6

History

Mon, 12 Aug 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Enphase Enphase envoy
CPEs		cpe:2.3:h:enphase:envoy:-:::::::*
Vendors & Products		Enphase Enphase envoy
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sat, 10 Aug 2024 18:00:00 +0000

Type	Values Removed	Values Added
Description		Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
Title		Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
Weaknesses		CWE-326
References		https://csirt.divd.nl/CVE-2024-21881 https://csirt.divd.nl/DIVD-2024-00011 https://enphase.com/cybersecurity/advisories/ensa-2024-6
Metrics		cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H'}`

MITRE

Status: PUBLISHED

Assigner: DIVD

Published: 2024-08-10T17:44:48.033Z

Updated: 2024-08-12T16:37:24.533Z

Reserved: 2024-01-02T18:30:11.175Z

Link: CVE-2024-21881

Vulnrichment

Updated: 2024-08-12T16:37:18.414Z

NVD

Status : Awaiting Analysis

Published: 2024-08-12T13:38:15.500

Modified: 2024-08-12T13:41:36.517

Link: CVE-2024-21881

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21881", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2024-01-02T18:30:11.175Z", "datePublished": "2024-08-10T17:44:48.033Z", "dateUpdated": "2024-08-12T16:37:24.533Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2024-08-10T17:44:48.033Z"}, "title": "Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x", "datePublic": "2024-08-10T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "Enphase", "product": "Envoy", "versions": [{"status": "affected", "version": "5.x", "versionType": "semver"}, {"status": "affected", "version": "4.x", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.<p>This issue affects Envoy: 4.x and 5.x</p>"}]}], "references": [{"url": "https://csirt.divd.nl/CVE-2024-21881", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2024-00011", "tags": ["related"]}, {"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-6", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "NOT_DEFINED", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H"}}], "workarounds": [{"lang": "en", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network."}]}], "solutions": [{"lang": "en", "value": "Devices are remotely being updated by the vendor.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Devices are remotely being updated by the vendor."}]}], "credits": [{"lang": "en", "value": "Wietse Boonstra of DIVD", "type": "finder"}, {"lang": "en", "value": "Hidde Smit of DIVD", "type": "finder"}, {"lang": "en", "value": "Frank Breedijk of DIVD", "type": "analyst"}, {"lang": "en", "value": "Max van der Horst of DIVD", "type": "analyst"}], "source": {"advisory": "DIVD-2024-00011", "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "enphase", "product": "envoy", "cpes": ["cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.x", "status": "affected"}, {"version": "5.x", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T16:33:02.874377Z", "id": "CVE-2024-21881", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T16:37:24.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21881", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-12T16:33:02.874377Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*"], "vendor": "enphase", "product": "envoy", "versions": [{"status": "affected", "version": "4.x"}, {"status": "affected", "version": "5.x"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T16:37:18.414Z"}}], "cna": {"title": "Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x", "source": {"advisory": "DIVD-2024-00011", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Wietse Boonstra of DIVD"}, {"lang": "en", "type": "finder", "value": "Hidde Smit of DIVD"}, {"lang": "en", "type": "analyst", "value": "Frank Breedijk of DIVD"}, {"lang": "en", "type": "analyst", "value": "Max van der Horst of DIVD"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 8.6, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Enphase", "product": "Envoy", "versions": [{"status": "affected", "version": "5.x", "versionType": "semver"}, {"status": "affected", "version": "4.x", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Devices are remotely being updated by the vendor.", "supportingMedia": [{"type": "text/html", "value": "Devices are remotely being updated by the vendor.", "base64": false}]}], "datePublic": "2024-08-10T17:00:00.000Z", "references": [{"url": "https://csirt.divd.nl/CVE-2024-21881", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2024-00011", "tags": ["related"]}, {"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-6", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.", "supportingMedia": [{"type": "text/html", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x", "supportingMedia": [{"type": "text/html", "value": "Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.<p>This issue affects Envoy: 4.x and 5.x</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2024-08-10T17:44:48.033Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21881", "state": "PUBLISHED", "dateUpdated": "2024-08-12T16:37:24.533Z", "dateReserved": "2024-01-02T18:30:11.175Z", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2024-08-10T17:44:48.033Z", "assignerShortName": "DIVD"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x"}], "id": "CVE-2024-21881", "lastModified": "2024-08-12T13:41:36.517", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "IRRECOVERABLE", "safety": "PRESENT", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:I/V:C/RE:H/U:X", "version": "4.0", "vulnerabilityResponseEffort": "HIGH", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "csirt@divd.nl", "type": "Secondary"}]}, "published": "2024-08-12T13:38:15.500", "references": [{"source": "csirt@divd.nl", "url": "https://csirt.divd.nl/CVE-2024-21881"}, {"source": "csirt@divd.nl", "url": "https://csirt.divd.nl/DIVD-2024-00011"}, {"source": "csirt@divd.nl", "url": "https://enphase.com/cybersecurity/advisories/ensa-2024-6"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "csirt@divd.nl", "type": "Secondary"}]}