{ "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { "cveId": "CVE-2024-21876", "assignerOrgId": "00000000-0000-4000-9000-000000000000", "requesterUserId": "00000000-0000-4000-9000-000000000000", "serial": 1, "state": "PUBLISHED" }, "containers": { "cna": { "providerMetadata": { "orgId": "00000000-0000-4000-9000-000000000000" }, "title": "Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225", "datePublic": "2024-08-10T17:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-165", "descriptions": [ { "lang": "en", "value": "CAPEC-165 File Manipulation" } ] } ], "affected": [ { "vendor": "Enphase", "product": "IQ Gateway", "versions": [ { "status": "affected", "version": "8.0", "lessThan": "8.2.4225", "versionType": "semver" }, { "status": "affected", "version": "7.x", "versionType": "semver" }, { "status": "affected", "version": "6.x", "versionType": "semver" }, { "status": "affected", "version": "5.x", "versionType": "semver" }, { "status": "affected", "version": "4.x", "versionType": "semver" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.

This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.

" } ] } ], "references": [ { "url": "https://csirt.divd.nl/CVE-2024-21876", "tags": [ "third-party-advisory" ] }, { "url": "https://csirt.divd.nl/DIVD-2024-00011", "tags": [ "related" ] }, { "url": "https://enphase.com/cybersecurity/advisories/ensa-2024-1", "tags": [ "vendor-advisory" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "NOT_DEFINED", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/V:D/RE:H" } }, { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "Chain of CVE-2024-21876, CVE-2024-21877 and CVE-2024-21878" } ], "cvssV4_0": { "version": "4.0", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "NOT_DEFINED", "baseSeverity": "CRITICAL", "baseScore": 9.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H" } } ], "workarounds": [ { "lang": "en", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network." } ] } ], "solutions": [ { "lang": "en", "value": "Devices are remotely being updated by the vendor.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Devices are remotely being updated by the vendor." } ] } ], "credits": [ { "lang": "en", "value": "Wietse Boonstra of DIVD", "type": "finder" }, { "lang": "en", "value": "Hidde Smit of DIVD", "type": "finder" }, { "lang": "en", "value": "Frank Breedijk of DIVD", "type": "analyst" }, { "lang": "en", "value": "Max van der Horst of DIVD", "type": "analyst" } ], "source": { "advisory": "DIVD-2024-00011", "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } } }