2N Access Commander Versions 3.1.1.2 and Prior Vulnerable to Path Traversal Attacks
CVE-2024-47253

7.2HIGH

Key Information:

Vendor: 2n
Status: 2n Access Commander
Vendor: CVE Published:; 5 November 2024

What is CVE-2024-47253?

In versions of 2N Access Commander up to and including 3.1.1.2, a Path Traversal vulnerability exists that could potentially allow an attacker with administrative privileges to write files anywhere on the filesystem. This poses a significant risk as it enables the possibility of arbitrary remote code execution. However, this vulnerability is not exploitable by users with lower privilege roles, thereby limiting its scope of impact to those with administrative capabilities.

Affected Version(s)

2N Access Commander <=3.1.1.2

References

https://www.2n.com/en-GB/download/Access-Commander-Securi...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Sep 23, 2024