Insecure Permissions Vulnerability in VITEC AvediaServer
CVE-2024-35102

8.8HIGH

Key Information:

Vendor

VITEC

Vendor
CVE Published:
15 May 2024

What is CVE-2024-35102?

AvediaServer version 8.6.2-1 is vulnerable to an insecure permissions issue that permits unauthorized remote access, allowing attackers to escalate privileges by executing specially crafted scripts. This vulnerability poses a significant risk as it can lead to unauthorized system control and exploitation of sensitive data. Organizations utilizing AvediaServer should take immediate precautions to secure their systems against potential attacks exploiting this flaw.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.