CVE-2024-30117 - Vulnerability Details - OpenCVE

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00077.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Bigfix Platform

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:bigfix_platform::::::::
	cpe:2.3:a:hcltech:bigfix_platform::::::::
	cpe:2.3:a:hcltech:bigfix_platform::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-28053	A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659

History

Thu, 17 Oct 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech bigfix Platform
CPEs		cpe:2.3:a:hcltech:bigfix_platform::::::::
Vendors & Products		Hcltech Hcltech bigfix Platform

Tue, 15 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 14 Oct 2024 23:00:00 +0000

Type	Values Removed	Values Added
Description		A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
Title		HCL BigFix Platform is affected by a DLL Hijack vulnerability
Weaknesses		CWE-427
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659
Metrics		cvssV3_1 `{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-10-14T22:55:56.979Z

Updated: 2024-10-15T13:40:40.322Z

Reserved: 2024-03-22T23:57:22.506Z

Link: CVE-2024-30117

Vulnrichment

Updated: 2024-10-15T13:40:35.024Z

NVD

Status : Analyzed

Published: 2024-10-14T23:15:11.407

Modified: 2024-10-17T21:01:17.807

Link: CVE-2024-30117

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30117", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-03-22T23:57:22.506Z", "datePublished": "2024-10-14T22:55:56.979Z", "dateUpdated": "2024-10-15T13:40:40.322Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix Platform", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "9.5 - 9.5.24, 10.0 - 10.0.11, 11.0.0 - 11.0.2"}]}], "datePublic": "2024-10-14T22:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.</span><br>"}], "value": "A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-14T22:55:56.979Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix Platform is affected by a DLL Hijack vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T13:40:30.687796Z", "id": "CVE-2024-30117", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T13:40:40.322Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30117", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T13:40:30.687796Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T13:40:35.024Z"}}], "cna": {"title": "HCL BigFix Platform is affected by a DLL Hijack vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "BigFix Platform", "versions": [{"status": "affected", "version": "9.5 - 9.5.24, 10.0 - 10.0.11, 11.0.0 - 11.0.2"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-14T22:40:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-14T22:55:56.979Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30117", "state": "PUBLISHED", "dateUpdated": "2024-10-15T13:40:40.322Z", "dateReserved": "2024-03-22T23:57:22.506Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-10-14T22:55:56.979Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "89381821-8CEB-4749-BDF3-96ACAE9030BE", "versionEndExcluding": "9.5.25", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "60CBB527-DAB4-4686-8706-0669FE5D04C0", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F001532-936A-4035-AE05-C68080C0A211", "versionEndExcluding": "11.0.3", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances."}, {"lang": "es", "value": "Una b\u00fasqueda din\u00e1mica de una librer\u00eda de requisitos previos podr\u00eda permitir que un atacante reemplace el archivo correcto en algunas circunstancias."}], "id": "CVE-2024-30117", "lastModified": "2024-10-17T21:01:17.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2024-10-14T23:15:11.407", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116659"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@hcl.com", "type": "Secondary"}]}