{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51722", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2024-10-30T17:19:06.485Z", "datePublished": "2024-11-12T18:08:12.921Z", "dateUpdated": "2024-11-13T15:31:37.945Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["SecuSUITE Server (System Configuration)"], "product": "SecuSUITE", "vendor": "BlackBerry", "versions": [{"status": "affected", "version": "5.0.420"}]}], "datePublic": "2024-11-12T18:04:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A </span><span style=\"background-color: rgb(255, 255, 255);\">local privilege escalation</span><span style=\"background-color: rgb(255, 255, 255);\"> vulnerability in the </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span><span style=\"background-color: rgb(255, 255, 255);\"> Server </span><span style=\"background-color: rgb(255, 255, 255);\">(System Configuration) </span><span style=\"background-color: rgb(255, 255, 255);\">of </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span><span style=\"background-color: rgb(255, 255, 255);\"> versions 5.0.420 and earlier could allow a</span><span style=\"background-color: rgb(255, 255, 255);\"> successful</span><span style=\"background-color: rgb(255, 255, 255);\"> attacker </span><span style=\"background-color: rgb(255, 255, 255);\">that had gained control of code running under one of the system accounts listed in the configuration file </span><span style=\"background-color: rgb(255, 255, 255);\">to potentially </span><span style=\"background-color: rgb(255, 255, 255);\">issue privileged script commands</span><span style=\"background-color: rgb(255, 255, 255);\">.</span>"}], "value": "A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands."}], "impacts": [{"capecId": "CAPEC-69", "descriptions": [{"lang": "en", "value": "CAPEC-69 Target Programs with Elevated Privileges"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250 - Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2024-11-12T18:47:36.960Z"}, "references": [{"url": "https://support.blackberry.com/pkb/s/article/140220"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "blackberry", "product": "secusuite", "cpes": ["cpe:2.3:a:blackberry:secusuite:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0.420", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T15:30:34.416241Z", "id": "CVE-2024-51722", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T15:31:37.945Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-69", "descriptions": [{"lang": "en", "value": "CAPEC-69 Target Programs with Elevated Privileges"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BlackBerry", "modules": ["SecuSUITE Server (System Configuration)"], "product": "SecuSUITE", "versions": [{"status": "affected", "version": "5.0.420"}], "defaultStatus": "unaffected"}], "datePublic": "2024-11-12T18:04:00.000Z", "references": [{"url": "https://support.blackberry.com/pkb/s/article/140220"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A </span><span style=\"background-color: rgb(255, 255, 255);\">local privilege escalation</span><span style=\"background-color: rgb(255, 255, 255);\"> vulnerability in the </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span><span style=\"background-color: rgb(255, 255, 255);\"> Server </span><span style=\"background-color: rgb(255, 255, 255);\">(System Configuration) </span><span style=\"background-color: rgb(255, 255, 255);\">of </span><span style=\"background-color: rgb(255, 255, 255);\">SecuSUITE</span><span style=\"background-color: rgb(255, 255, 255);\"> versions 5.0.420 and earlier could allow a</span><span style=\"background-color: rgb(255, 255, 255);\"> successful</span><span style=\"background-color: rgb(255, 255, 255);\"> attacker </span><span style=\"background-color: rgb(255, 255, 255);\">that had gained control of code running under one of the system accounts listed in the configuration file </span><span style=\"background-color: rgb(255, 255, 255);\">to potentially </span><span style=\"background-color: rgb(255, 255, 255);\">issue privileged script commands</span><span style=\"background-color: rgb(255, 255, 255);\">.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 - Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2024-11-12T18:47:36.960Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-51722", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-13T15:30:34.416241Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:blackberry:secusuite:*:*:*:*:*:*:*:*"], "vendor": "blackberry", "product": "secusuite", "versions": [{"status": "affected", "version": "5.0.420"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-11-13T15:31:31.011Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-51722", "state": "PUBLISHED", "dateUpdated": "2024-11-12T18:47:36.960Z", "dateReserved": "2024-10-30T17:19:06.485Z", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "datePublished": "2024-11-12T18:08:12.921Z", "assignerShortName": "blackberry"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios locales en el servidor SecuSUITE (configuraci\u00f3n del sistema) de las versiones 5.0.420 y anteriores de SecuSUITE podr\u00eda permitir que un atacante exitoso que haya obtenido el control del c\u00f3digo que se ejecuta bajo una de las cuentas del sistema enumeradas en el archivo de configuraci\u00f3n potencialmente emita comandos de script privilegiados."}], "id": "CVE-2024-51722", "lastModified": "2024-11-13T17:01:16.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secure@blackberry.com", "type": "Secondary"}]}, "published": "2024-11-12T19:15:18.397", "references": [{"source": "secure@blackberry.com", "url": "https://support.blackberry.com/pkb/s/article/140220"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "secure@blackberry.com", "type": "Secondary"}]}

{}

{}