{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9924", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-10-14T02:10:19.229Z", "datePublished": "2024-10-14T03:23:21.849Z", "dateUpdated": "2024-10-15T14:35:57.173Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "OAKlouds-webbase-2.0", "product": "OAKlouds", "vendor": "Hgiga", "versions": [{"lessThan": "1162", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-10-14T03:18:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .</span>"}], "value": "The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently ."}], "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-10-14T03:23:21.849Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update OAKlouds-webbase-2.0 to version 1162 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update OAKlouds-webbase-3.0 to version 1162 or later.</span>\n\n<br>"}], "value": "Update OAKlouds-webbase-2.0 to version 1162 or later.\nUpdate OAKlouds-webbase-3.0 to version 1162 or later."}], "source": {"advisory": "TVN-202410004", "discovery": "EXTERNAL"}, "title": "Hgiga OAKlouds - Arbitrary File Read And Delete", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "hgiga", "product": "oaklouds", "cpes": ["cpe:2.3:a:hgiga:oaklouds:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1162", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-14T15:29:04.477495Z", "id": "CVE-2024-9924", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:35:57.173Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9924", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-14T15:29:04.477495Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hgiga:oaklouds:*:*:*:*:*:*:*:*"], "vendor": "hgiga", "product": "oaklouds", "versions": [{"status": "affected", "version": "0", "lessThan": "1162", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:35:50.255Z"}}], "cna": {"title": "Hgiga OAKlouds - Arbitrary File Read And Delete", "source": {"advisory": "TVN-202410004", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hgiga", "product": "OAKlouds", "versions": [{"status": "affected", "version": "0", "lessThan": "1162", "versionType": "custom"}], "packageName": "OAKlouds-webbase-2.0", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update OAKlouds-webbase-2.0 to version 1162 or later.\nUpdate OAKlouds-webbase-3.0 to version 1162 or later.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update OAKlouds-webbase-2.0 to version 1162 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update OAKlouds-webbase-3.0 to version 1162 or later.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-10-14T03:18:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-10-14T03:23:21.849Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9924", "state": "PUBLISHED", "dateUpdated": "2024-10-15T14:35:57.173Z", "dateReserved": "2024-10-14T02:10:19.229Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-10-14T03:23:21.849Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently ."}, {"lang": "es", "value": "La correcci\u00f3n de CVE-2024-26261 no fue completa y el paquete espec\u00edfico para OAKlouds de Hgiga sigue en riesgo. Los atacantes remotos no autenticados a\u00fan pueden descargar archivos de sistema arbitrarios, que pueden eliminarse posteriormente."}], "id": "CVE-2024-9924", "lastModified": "2024-10-15T12:57:46.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-10-14T04:15:06.353", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}