Low-Privileged User Can Execute Arbitrary Code Remotely on Device with High Privileges
CVE-2024-2162
8.8 HIGH
Key Information
- Vendor
- Kiloview
- Status
- Ndi
- Vendor
- Published: 21 March 2024
Summary
An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.
Affected Version(s)
NDI <= N3 Firmware 2.02.0227
NDI >= N3 Firmware 2.02.0227
NDI >= N3-s Firmware 2.02.0227
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database
Credit
Milan Duric, EBU