{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9677", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2024-10-09T05:14:46.238Z", "datePublished": "2024-10-22T01:19:53.188Z", "dateUpdated": "2024-10-22T15:52:56.281Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "USG FLEX H series uOS firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "<= V1.21"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions&nbsp;could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out."}], "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-10-22T01:19:53.188Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zyxel", "product": "usg_flex_700h_firmware", "cpes": ["cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.21", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T14:29:58.494312Z", "id": "CVE-2024-9677", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T15:52:56.281Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9677", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-22T14:29:58.494312Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "usg_flex_700h_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.21"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T15:52:50.342Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "USG FLEX H series uOS firmware", "versions": [{"status": "affected", "version": "<= V1.21"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.", "supportingMedia": [{"type": "text/html", "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions&nbsp;could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-10-22T01:19:53.188Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9677", "state": "PUBLISHED", "dateUpdated": "2024-10-22T15:52:56.281Z", "dateReserved": "2024-10-09T05:14:46.238Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2024-10-22T01:19:53.188Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B53BCCF3-FFFC-4E52-997E-36A632C81F00", "versionEndExcluding": "1.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*", "matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*", "matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out."}, {"lang": "es", "value": "La vulnerabilidad de credenciales insuficientemente protegidas en el comando CLI de la versi\u00f3n de firmware uOS V1.21 y versiones anteriores de la serie USG FLEX H podr\u00eda permitir que un atacante local autenticado obtenga una escalada de privilegios al robar el token de autenticaci\u00f3n de un administrador que inici\u00f3 sesi\u00f3n. Tenga en cuenta que este ataque podr\u00eda tener \u00e9xito solo si el administrador no ha cerrado sesi\u00f3n."}], "id": "CVE-2024-9677", "lastModified": "2024-12-05T22:11:15.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-22T02:15:04.380", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}

{}

{}