cbcvebase.
CVE-2024-2421
published 2024-05-30


Priority: P3 · 57 · critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.52% (40.3rd percentile)
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.

Affected

2 ranges

Vendor      Product          Version range   Fixed in
honeywell   lenels2_netbox   < 5.6.2         5.6.2
lenels2     netbox           All – 5.6.1     (none listed)

Detection & IOCs (extracted from sources)

  • CVE-2024-2421 is an unauthenticated OS Command Injection (CWE-78) in LenelS2 NetBox versions prior to and including 5.6.1, allowing remote code execution with elevated permissions; the exposure is NetBox web interfaces reachable from the network
  • CVE-2024-2421 is chained with CVE-2024-2420 (hard-coded credentials, CWE-259); monitor for authentication bypass attempts followed by OS command injection activity on LenelS2 NetBox systems
  • The flaw is remotely exploitable with low attack complexity (CVSS v4 9.3, AV:N/AC:L); prioritize detection on internet-facing or network-accessible LenelS2 NetBox deployments
  • Affected product scope: LenelS2 NetBox, all versions prior to 5.6.2; use version fingerprinting to identify unpatched instances on the network
  • No known public exploitation had been reported as of the advisory publication date (May 30, 2024)
  • The NVD entry describes the vulnerability as an 'unauthenticated' RCE, but the CISA advisory CVSS vector (PR:H) indicates that high privilege is required; the unauthenticated path is likely achieved by first exploiting the hard-coded credentials in CVE-2024-2420

CVSS provenance

NVD · CVSS v3.1 · 9.8 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · CVSS v4.0 · 9.3 CRITICAL
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X