The AIG-301 Series prior to version 1.5 is affected by multiple Azure uAMQP vulnerabilities. Successful exploitation of these vulnerabilities could lead to remote code execution.
The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Double free (CWE-415), CVE-2024-27099 | An attacker can process an incorrect `AMQP_VALUE` failed state that may cause a double free problem. This may cause an RCE. |
| 2 | Improper Control of Generation of Code ('Code Injection') (CWE-97), CVE-2024-25110 | An attacker can trigger a use-after-free issue, which may cause remote code execution. |
| 3 | Improper Control of Generation of Code ('Code Injection') (CWE-97), CVE-2024-21646 | An attacker may craft binary type data. An integer overflow, or wraparound, or memory safety issue can occur and may cause remote code execution. |

Vulnerability Scoring Details

| ID | CVSS | Vector | Severity | Remote Exploit without Auth? |
|---|---|---|---|---|
| CVE-2024-27099 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |
| CVE-2024-25110 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |
| CVE-2024-21646 | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |