CVE-2024-50358
published 2024-11-26
CVE-2024-50358: A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=…
Priority: P3 40 · high 7.2 · CVSS 3.1
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.52% (40.3th percentile)
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | eki-6333ac-1gpo | <= 1.2.1 | — |
| advantech | eki-6333ac-1gpo_firmware | < 1.2.2 | 1.2.2 |
| advantech | eki-6333ac-2g | <= 1.6.3 | — |
| advantech | eki-6333ac-2g_firmware | < 1.6.5 | 1.6.5 |
| advantech | eki-6333ac-2gd | <= 1.6.3 | — |
| advantech | eki-6333ac-2gd_firmware | < 1.6.5 | 1.6.5 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
CVSS provenance
nvd · v3.1 · 7.2 · HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 5.5 · MEDIUM
GHSA
GHSA-mfqv-qjxh-rprm: A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G
ghsa_unreviewed·2024-11-26
CVE-2024-50358 [HIGH] CWE-15 GHSA-mfqv-qjxh-rprm: A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G
Microsoft
Windows Kernel Information Disclosure Vulnerability
vendor_msrc·2024-03-12·CVSS 5.5
CVE-2024-26177 [MEDIUM] CWE-200 Windows Kernel Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view.
Windows Kernel: Windows Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849
Reference: https://support.microsoft.com/help/5035849
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857
Reference: https://support.microsoft.com/help/50358
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-26