Access Commander
CVE-2024-47253
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.
AnalysisAI
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles. Affected products include: 2N Access Commander.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Access Commander
View allInsufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which co
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation al
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be incl
Access Commander contains a vulnerability that allows attackers to bypass password policy for backup file encryption (CV
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today