How severe is CVE-2024-4163?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-4163?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2024-4163 - HIGH Severity | CVSS 8

Vulnerability Description

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway.

Related Vulnerabilities

CVE-2017-1000086

HIGH

CVSS:8.0(High)

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete...

CWE-8622017

CVE-2018-10092

HIGH

CVSS:8.0(High)

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

CWE-8622018

CVE-2021-24914

HIGH

CVSS:8.0(High)

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The firs...

CWE-8622021

CVE-2025-23025

HIGH

CVSS:8.0(High)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**,...

CWE-8622025

CVE-2017-17707

HIGH

CVSS:8.1(High)

Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions o...

CWE-8622017

CVE-2020-11511

HIGH

CVSS:8.1(High)

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

CWE-8622020