CVE-2024-0315 — MEDIUM (6.6)

Vulnerability Description

Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Fireeye	Central Management	9.1.1.956704

Related Weaknesses (CWE)

CWE-98

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireVendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireVendor Advisory

FAQ

What is CVE-2024-0315?

CVE-2024-0315 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report c...

How severe is CVE-2024-0315?

CVE-2024-0315 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0315?

Check the references section above for vendor advisories and patch information. Affected products include: Fireeye Central Management.