THREATINT
PUBLISHED

CVE-2024-12903

Incorrect default permissions in Biamp Evoko Home



Description

Incorrect default permissions vulnerability in Evoko Home, affecting versions 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. Full control permissions have been identified as granted to the ‘Everyone’ group (i.e. any user who has local access to the operating system, regardless of their privileges).

Reserved 2024-12-23 | Published 2024-12-23 | Updated 2024-12-24 | Assigner INCIBE


HIGH: 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status: unaffected

2.4.2: affected

Credits

Alexander Huaman Jaimes (finder)

References

www.incibe.es/...orrect-default-permissions-biamp-evoko-home

cve.org (CVE-2024-12903)

nvd.nist.gov (CVE-2024-12903)
