Atos iCare Application Remotely Exploitable with System Privileges
CVE-2024-42017

Currently unrated

Key Information:

Vendor: Atos
Vendor: CVE Published:; 30 September 2024

What is CVE-2024-42017?

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.

References

https://eviden.com

https://support.bull.com/ols/product/security/psirt/secur...

Timeline

Vulnerability published
Sep 30, 2024