CVE-2024-25008
MEDIUM EPSS 20.7%
Published Aug 16, 20241y ago · Modified Jun 17, 20262w ago
6.8 CVSS 3.1
Published Aug 16, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector Adjacent
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
20.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
References 1
- ericsson.com https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.