CVE-2024-48729

HIGH EPSS 33.6%

Published Jul 25, 202511mo ago · Modified Jun 17, 20261w ago

7.1 CVSS 3.1

High

Published Jul 25, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component.

CVSS Details

Base Score

7.1

Exploitability

2.8

Impact

4.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

33.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

References 3

etsi.com http://etsi.com
open.com http://open.com
osmium.solutions https://www.osmium.solutions/articles/osm-mano-vulnerability-discovery.html#3

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.