CVE-2024-4163

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Apr 26, 2024
Updated: Jul 3, 2024
CWE ID 77

Summary

CVE-2024-4163 is a vulnerability affecting the Skylab IGX IIoT Gateway. The issue lies in the limited shell terminal (IGX) which runs under root privileges, allowing unauthorized users to connect. Through the use of the file exec and download functions, attackers can manipulate files, including the /etc/passwd file. By replacing this file with a new root user entry, attackers can gain unrestricted shell access and ultimately take control of the entire IIoT Gateway.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share