CVE-2024-22186 - OpenCVE

The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-04-18T22:08:17.798Z

Updated: 2024-08-08T15:41:44.543Z

Reserved: 2024-01-05T22:07:42.986Z

Link: CVE-2024-22186

Vulnrichment

Updated: 2024-08-01T22:35:34.875Z

NVD

Status : Awaiting Analysis

Published: 2024-04-18T23:15:07.310

Modified: 2024-05-28T17:15:09.680

Link: CVE-2024-22186

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22186", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-01-05T22:07:42.986Z", "datePublished": "2024-04-18T22:08:17.798Z", "dateUpdated": "2024-08-08T15:41:44.543Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Compact DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}]}, {"defaultStatus": "unaffected", "product": "Medium DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}]}, {"defaultStatus": "unaffected", "product": "High Power DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "2.5kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "5kW"}]}, {"defaultStatus": "unaffected", "product": "Compact FM Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "Compact FM Transmitter"}, {"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}]}, {"defaultStatus": "unaffected", "product": "Modular FM Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}]}, {"defaultStatus": "unaffected", "product": "Digital FM Transmitter", "vendor": "Electrolink", "versions": [{"lessThanOrEqual": "40kW", "status": "affected", "version": "15W", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VHF TV Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}]}, {"defaultStatus": "unaffected", "product": "UHF TV Transmitter", "vendor": "Electrolink", "versions": [{"lessThanOrEqual": "5kW", "status": "affected", "version": "10W", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator."}], "value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-565", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:46:35.737Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "source": {"advisory": "ICSA-24-107-02", "discovery": "EXTERNAL"}, "title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"}], "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.875Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "electrolink", "product": "compact dab transmitter", "cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10w", "status": "affected"}]}, {"vendor": "electrolink", "product": "compact dab transmitter", "cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "100w", "status": "affected"}]}, {"vendor": "electrolink", "product": "compact dab transmitter", "cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "250w", "status": "affected"}]}, {"vendor": "electrolink", "product": "medium dab transmitter", "cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "medium dab transmitter", "cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "medium dab transmitter", "cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "500w", "status": "affected"}]}, {"vendor": "electrolink", "product": "high power dab transmitter", "cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "high power dab transmitter", "cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "high power dab transmitter", "cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "high power dab transmitter", "cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "compact fm transmitter", "cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "500w", "status": "affected"}]}, {"vendor": "electrolink", "product": "compact fm transmitter", "cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "compact fm transmitter", "cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "modular fm transmitter", "cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "modular fm transmitter", "cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "modular fm transmitter", "cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "modular fm transmitter", "cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "modular fm transmitter", "cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "20kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "modular fm transmitter", "cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "30kw", "status": "affected"}]}, {"vendor": "electrolink", "product": "digital fm transmitter", "cpes": ["cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15w", "status": "affected"}]}, {"vendor": "electrolink", "product": "vhf tv transmitter", "cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "bi", "status": "affected"}]}, {"vendor": "electrolink", "product": "vhf tv transmitter", "cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "bii", "status": "affected"}]}, {"vendor": "electrolink", "product": "uhf tv transmitter", "cpes": ["cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10w", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-20T17:13:45.522317Z", "id": "CVE-2024-22186", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T15:41:44.543Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.875Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22186", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T17:13:45.522317Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "10w"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "100w"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "250w"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "1kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "2kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "500w"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "2.5kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "3kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "4kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "5kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "500w"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "1kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "2kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "3kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "5kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "10kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "15kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "20kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "30kw"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "digital fm transmitter", "versions": [{"status": "affected", "version": "15w"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "vhf tv transmitter", "versions": [{"status": "affected", "version": "bi"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "vhf tv transmitter", "versions": [{"status": "affected", "version": "bii"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "uhf tv transmitter", "versions": [{"status": "affected", "version": "10w"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-20T17:11:56.612Z"}}], "cna": {"title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking", "source": {"advisory": "ICSA-24-107-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Electrolink", "product": "Compact DAB Transmitter", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Medium DAB Transmitter", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "High Power DAB Transmitter", "versions": [{"status": "affected", "version": "2.5kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "5kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Compact FM Transmitter", "versions": [{"status": "affected", "version": "Compact FM Transmitter"}, {"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Modular FM Transmitter", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Digital FM Transmitter", "versions": [{"status": "affected", "version": "15W", "versionType": "custom", "lessThanOrEqual": "40kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "VHF TV Transmitter", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "UHF TV Transmitter", "versions": [{"status": "affected", "version": "10W", "versionType": "custom", "lessThanOrEqual": "5kW"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "workarounds": [{"lang": "en", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.", "supportingMedia": [{"type": "text/html", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator.", "supportingMedia": [{"type": "text/html", "value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-565", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:46:35.737Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22186", "state": "PUBLISHED", "dateUpdated": "2024-08-08T15:41:44.543Z", "dateReserved": "2024-01-05T22:07:42.986Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-04-18T22:08:17.798Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator."}, {"lang": "es", "value": "La aplicaci\u00f3n sufre una vulnerabilidad de escalada de privilegios. Un atacante que haya iniciado sesi\u00f3n como invitado puede aumentar sus privilegios envenenando la cookie para convertirse en administrador."}], "id": "CVE-2024-22186", "lastModified": "2024-05-28T17:15:09.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-04-18T23:15:07.310", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-565"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}