How severe is CVE-2024-42018?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2024-42018?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2024-42018 - HIGH Severity | CVSS 7.7

Vulnerability Description

An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration. Because these parameters are needed for initialization, there is no available mechanism to ensure access control on the management node, and a mitigation measure is normally put in place to prevent access to unprivileged users. It was discovered that this mitigation measure does not survive a reboot of diskful nodes. (Diskless nodes are not at risk.) The mistake lies in the cloudinit configuration: the iptables configuration should have been in the bootcmd instead of the runcmd section.

Related Vulnerabilities

CVE-2025-45242

HIGH

CVSS:7.7(High)

Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.

CWE-9222025

CVE-2022-43475

HIGH

CVSS:7.8(High)

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-9222022

CVE-2022-44619

HIGH

CVSS:7.8(High)

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-9222022

CVE-2023-29755

HIGH

CVSS:7.8(High)

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

CWE-9222023

CVE-2023-29757

HIGH

CVSS:7.8(High)

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

CWE-9222023

CVE-2023-32184

HIGH

CVSS:7.8(High)

A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This i...

CWE-9222023