Unintended Command Execution Vulnerability in FOXMAN UN/UNEM Server API Gateway
CVE-2024-2012

9.8CRITICAL

Key Information:

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 11 June 2024

Badges

💰 Ransomware👾 Exploit Exists

What is CVE-2024-2012?

A vulnerability exists within the FOXMAN-UN/UNEM server and API Gateway that poses a significant risk if exploited. Attackers could potentially send unauthorized commands or inject harmful code into the UNEM server, compromising sensitive data integrity and confidentiality. This may enable the reading or alteration of critical information, resulting in unpredictable application behavior and serious security implications.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R16B PC2

FOXMAN-UN FOXMAN-UN R15B PC4

FOXMAN-UN FOXMAN-UN R16A

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
Dec 10, 2024
👾
Exploit known to exist
Dec 10, 2024
Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Feb 29, 2024

Hitachi

Badges

What is CVE-2024-2012?

Affected Version(s)

References

CVSS V3.1

Timeline