CVE-2024-45246 - Vulnerability Details - OpenCVE

Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dieboldnixdorf	Vynamic View

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-41385	Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

Fixes

Solution

Upgrade to v5.9.5 or greater

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dieboldnixdorf Dieboldnixdorf vynamic View
CPEs		cpe:2.3:a:dieboldnixdorf:vynamic_view::::::::
Vendors & Products		Dieboldnixdorf Dieboldnixdorf vynamic View
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sun, 06 Oct 2024 12:00:00 +0000

Type	Values Removed	Values Added
Description		Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
Title		Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
Weaknesses		CWE-427
References		https://www.gov.il/en/Departments/faq/cve_advisories
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2024-10-06T11:49:16.249Z

Updated: 2024-10-07T15:35:51.388Z

Reserved: 2024-08-25T06:16:04.248Z

Link: CVE-2024-45246

Vulnrichment

Updated: 2024-10-07T15:35:46.560Z

NVD

Status : Awaiting Analysis

Published: 2024-10-06T12:15:05.060

Modified: 2024-10-07T17:47:48.410

Link: CVE-2024-45246

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45246", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-08-25T06:16:04.248Z", "datePublished": "2024-10-06T11:49:16.249Z", "dateUpdated": "2024-10-07T15:35:51.388Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vynamic View prior to v5.9.5", "vendor": "Diebold Nixdorf", "versions": [{"lessThan": "Upgrade to v5.9.5 or greater", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Itamar Yochpaz, Daniel Alatash - komodosec"}], "datePublic": "2024-10-06T11:46:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element<br><br><br>"}], "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-10-06T11:49:16.249Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to v5.9.5 or greater</span>\n\n<br>"}], "value": "Upgrade to v5.9.5 or greater"}], "source": {"advisory": "ILVN-2024-0198", "discovery": "UNKNOWN"}, "title": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dieboldnixdorf", "product": "vynamic_view", "cpes": ["cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "5.9.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-07T15:33:39.337132Z", "id": "CVE-2024-45246", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T15:35:51.388Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element", "source": {"advisory": "ILVN-2024-0198", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Itamar Yochpaz, Daniel Alatash - komodosec"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Diebold Nixdorf", "product": "Vynamic View prior to v5.9.5", "versions": [{"status": "affected", "version": "All versions", "lessThan": "Upgrade to v5.9.5 or greater", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to v5.9.5 or greater", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to v5.9.5 or greater</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-10-06T11:46:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element", "supportingMedia": [{"type": "text/html", "value": "Diebold Nixdorf \u2013 CWE-427: Uncontrolled Search Path Element<br><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-10-06T11:49:16.249Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45246", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-07T15:33:39.337132Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dieboldnixdorf:vynamic_view:*:*:*:*:*:*:*:*"], "vendor": "dieboldnixdorf", "product": "vynamic_view", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-10-07T15:35:46.560Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-45246", "state": "PUBLISHED", "dateUpdated": "2024-10-06T11:49:16.249Z", "dateReserved": "2024-08-25T06:16:04.248Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2024-10-06T11:49:16.249Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}