Low-Privileged User Can Execute Arbitrary Code Remotely on Device with High Privileges

CVE-2024-2162
8.8 HIGH

Key Information

Vendor
Kiloview
Status
Ndi
Vendor
Published: 21 March 2024

Summary

An OS command injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30 and N40, and was fixed in firmware version 2.02.0227.

Affected Version(s)

NDI <= N3 Firmware 2.02.0227

NDI >= N3 Firmware 2.02.0227

NDI >= N3-s Firmware 2.02.0227

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database
Mitre Database

Credit

Milan Duric, EBU