CVE-2024-38494 - OpenCVE

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2024-07-15T14:03:53.924Z

Updated: 2024-08-02T04:12:24.726Z

Reserved: 2024-06-18T06:18:01.976Z

Link: CVE-2024-38494

Vulnrichment

Updated: 2024-08-02T04:12:24.726Z

NVD

Status : Awaiting Analysis

Published: 2024-07-15T14:15:03.420

Modified: 2024-08-01T13:54:53.837

Link: CVE-2024-38494

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38494", "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "state": "PUBLISHED", "assignerShortName": "symantec", "dateReserved": "2024-06-18T06:18:01.976Z", "datePublished": "2024-07-15T14:03:53.924Z", "dateUpdated": "2024-08-02T04:12:24.726Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Symantec Privileged Access Management", "vendor": "Broadcom", "versions": [{"status": "affected", "version": "4.1.0 - 4.1.7"}, {"status": "affected", "version": "3.4.6"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Abdel Adim `smaury` Oisfi of Shielder (https://www.shielder.com) - research@shielder.com"}, {"lang": "en", "type": "finder", "value": "Paolo Cavagli\u00e0 of Shielder (https://www.shielder.com) - research@shielder.com"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.</span>\n\n"}], "value": "This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec", "dateUpdated": "2024-07-15T14:03:53.924Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"}], "source": {"discovery": "UNKNOWN"}, "title": "Symantec Privileged Access Manager Remote Command Execution vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-444", "lang": "en", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}], "affected": [{"vendor": "broadcom", "product": "symantec_privileged_access_management", "cpes": ["cpe:2.3:a:broadcom:symantec_privileged_access_management:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.1.0", "status": "affected", "lessThanOrEqual": "4.1.7", "versionType": "custom"}, {"version": "3.4.6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-15T20:06:23.210982Z", "id": "CVE-2024-38494", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T14:42:36.168Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.726Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.726Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-15T20:06:23.210982Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:broadcom:symantec_privileged_access_management:*:*:*:*:*:*:*:*"], "vendor": "broadcom", "product": "symantec_privileged_access_management", "versions": [{"status": "affected", "version": "4.1.0", "versionType": "custom", "lessThanOrEqual": "4.1.7"}, {"status": "affected", "version": "3.4.6"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T20:23:23.687Z"}}], "cna": {"title": "Symantec Privileged Access Manager Remote Command Execution vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Abdel Adim `smaury` Oisfi of Shielder (https://www.shielder.com) - research@shielder.com"}, {"lang": "en", "type": "finder", "value": "Paolo Cavagli\u00e0 of Shielder (https://www.shielder.com) - research@shielder.com"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Broadcom", "product": "Symantec Privileged Access Management", "versions": [{"status": "affected", "version": "4.1.0 - 4.1.7"}, {"status": "affected", "version": "3.4.6"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.</span>\n\n", "base64": false}]}], "providerMetadata": {"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec", "dateUpdated": "2024-07-15T14:03:53.924Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38494", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:12:24.726Z", "dateReserved": "2024-06-18T06:18:01.976Z", "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "datePublished": "2024-07-15T14:03:53.924Z", "assignerShortName": "symantec"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request."}, {"lang": "es", "value": "Esta vulnerabilidad permite a un usuario de PAM autenticado con altos privilegios lograr la ejecuci\u00f3n remota de comandos en el sistema PAM afectado enviando una solicitud HTTP especialmente manipulada."}], "id": "CVE-2024-38494", "lastModified": "2024-08-01T13:54:53.837", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "secure@symantec.com", "type": "Secondary"}]}, "published": "2024-07-15T14:15:03.420", "references": [{"source": "secure@symantec.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}