CVE-2024-7265

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

ncorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.

References

Link	Resource
https://cert.pl/en/posts/2024/08/CVE-2024-7265/
https://cert.pl/posts/2024/08/CVE-2024-7265/
https://www.gov.pl/web/ezd-rp	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nask:ezd_rp::::::::
	cpe:2.3:a:nask:ezd_rp::::::::
	cpe:2.3:a:nask:ezd_rp::::::::

History

17 Mar 2025, 09:15

Type	Values Removed	Values Added
References	~~{'url': 'https://cert.pl/en/posts/2024/08/CVE-2023-7265/', 'tags': ['Broken Link'], 'source': '[email protected]'}~~ ~~{'url': 'https://cert.pl/posts/2024/08/CVE-2023-7265/', 'tags': ['Broken Link'], 'source': '[email protected]'}~~	() https://cert.pl/en/posts/2024/08/CVE-2024-7265/ - () https://cert.pl/posts/2024/08/CVE-2024-7265/ -

10 Oct 2024, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-286~~
Summary	(en) Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.	(en) Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.

23 Aug 2024, 15:09

Type	Values Removed	Values Added
References	~~() https://cert.pl/en/posts/2024/08/CVE-2023-7265/ -~~	() https://cert.pl/en/posts/2024/08/CVE-2023-7265/ - Broken Link
References	~~() https://cert.pl/posts/2024/08/CVE-2023-7265/ -~~	() https://cert.pl/posts/2024/08/CVE-2023-7265/ - Broken Link
References	~~() https://www.gov.pl/web/ezd-rp -~~	() https://www.gov.pl/web/ezd-rp - Product
CWE		CWE-863
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:nask:ezd_rp::::::::
Summary	(en) Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.	(en) Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
First Time		Nask Nask ezd Rp

08 Aug 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-07 11:15

Updated : 2025-03-17 09:15

NVD link : CVE-2024-7265

Mitre link : CVE-2024-7265

CVE.ORG link : CVE-2024-7265

JSON object : View

Products Affected

nask

ezd_rp

CWE

CWE-863

Incorrect Authorization

8.8 /10