A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.
Fixes

Solution

No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly.


Workaround

No workaround given by the vendor.

History

Mon, 30 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 12 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Proges
Proges thermoscan Ip
CPEs cpe:2.3:a:proges:thermoscan_ip:20211103:*:*:*:*:*:*:*
Vendors & Products Proges
Proges thermoscan Ip

cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2024-09-30T14:08:22.100Z

Reserved: 2024-03-29T08:32:14.699Z

Link: CVE-2024-31202

cve-icon Vulnrichment

Updated: 2024-07-31T16:16:02.020Z

cve-icon NVD

Status : Modified

Published: 2024-07-31T14:15:05.127

Modified: 2024-09-30T15:15:05.190

Link: CVE-2024-31202

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.