Vulnerability Description
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Lenels2 Netbox | < 5.6.2 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01US Government ResourceVendor Advisory
- https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pBroken Link
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01US Government ResourceVendor Advisory
- https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pBroken Link
FAQ
What is CVE-2024-2421?
CVE-2024-2421 is a vulnerability with a CVSS score of 9.8 (CRITICAL). LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious comma...
How severe is CVE-2024-2421?
CVE-2024-2421 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-2421?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Lenels2 Netbox.