Arbitrary System Command Execution Vulnerability in ASKEY 5G NR Small Cell
CVE-2024-5403

7.2HIGH

Key Information:

Vendor: Askey
Status: 5g Nr Small Cell
Vendor: CVE Published:; 27 May 2024

What is CVE-2024-5403?

The ASKEY 5G NR Small Cell is vulnerable to a security flaw where inadequate input filtering allows remote attackers, who have administrator privileges, to execute arbitrary system commands. This vulnerability could potentially compromise the integrity of the affected systems, making it imperative for organizations using this technology to implement appropriate security measures and updates. Ensuring that user input is thoroughly validated before processing is essential to mitigate such risks.

Affected Version(s)

5G NR Small Cell nsc 2.1 V6

References

https://www.twcert.org.tw/tw/cp-132-7821-87e38-1.html

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2024
Vulnerability Reserved
May 27, 2024

Askey

What is CVE-2024-5403?

Affected Version(s)

References

CVSS V3.1

Timeline