{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31202", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2024-03-29T08:32:14.699Z", "datePublished": "2024-07-31T13:17:59.411Z", "dateUpdated": "2024-09-30T14:08:22.100Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Thermoscan IP", "vendor": "Plug&Track", "versions": [{"status": "affected", "version": "20211103", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A \u201cCWE-732: Incorrect Permission Assignment for Critical Resource\u201d in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation."}], "value": "A \u201cCWE-732: Incorrect Permission Assignment for Critical Resource\u201d in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-30T14:08:22.100Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31202"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly."}], "value": "No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly."}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "plug\\&track", "product": "thermoscan_ip", "cpes": ["cpe:2.3:a:plug\\&track:thermoscan_ip:20211103:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "20211103", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T16:12:35.449038Z", "id": "CVE-2024-31202", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T16:16:50.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31202", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-31T16:12:35.449038Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:plug\\&track:thermoscan_ip:20211103:*:*:*:*:*:*:*"], "vendor": "plug\\&track", "product": "thermoscan_ip", "versions": [{"status": "affected", "version": "20211103"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T16:16:02.020Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Plug&Track", "product": "Thermoscan IP", "versions": [{"status": "affected", "version": "20211103", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly.", "supportingMedia": [{"type": "text/html", "value": "No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly.", "base64": false}]}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31202"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A \u201cCWE-732: Incorrect Permission Assignment for Critical Resource\u201d in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.", "supportingMedia": [{"type": "text/html", "value": "A \u201cCWE-732: Incorrect Permission Assignment for Critical Resource\u201d in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-30T14:08:22.100Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31202", "state": "PUBLISHED", "dateUpdated": "2024-09-30T14:08:22.100Z", "dateReserved": "2024-03-29T08:32:14.699Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2024-07-31T13:17:59.411Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proges:thermoscan_ip:20211103:*:*:*:*:*:*:*", "matchCriteriaId": "19996105-63B1-46E4-A90F-D5C414718F47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A \u201cCWE-732: Incorrect Permission Assignment for Critical Resource\u201d in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation."}, {"lang": "es", "value": " Un \"CWE-732: Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos\" en la carpeta de instalaci\u00f3n de ThermoscanIP permite a un atacante local realizar una escalada de privilegios local."}], "id": "CVE-2024-31202", "lastModified": "2024-09-30T15:15:05.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2024-07-31T14:15:05.127", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31202"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}

{}