CVE-2024-42639 — CRITICAL (9.8)

Vulnerability Description

H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
H3C	Gr1100-P Firmware	100r009
H3C	Gr1100-P	-

Related Weaknesses (CWE)

CWE-259

References

https://palm-vertebra-fe9.notion.site/H3C-GR1100-PV100R009-was-discovered-to-conExploitThird Party Advisory
https://www.h3c.com/cn/d_202308/1912371_30005_0.htmProduct

FAQ

What is CVE-2024-42639?

CVE-2024-42639 is a vulnerability with a CVSS score of 9.8 (CRITICAL). H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.

How severe is CVE-2024-42639?

CVE-2024-42639 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-42639?

Check the references section above for vendor advisories and patch information. Affected products include: H3C Gr1100-P Firmware, H3C Gr1100-P.