MidnightBSD

Advisories for 2n

CVE-2021-31399 MEDIUM

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.6 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 2.1 2.5
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
2n access_unit_2.0_firmware 2.31.0.40.5
CVE-2024-47253

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
2n access_commander *
CVE-2024-47254

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.4 5.9

Products Affected

Vendor Product Version
2n access_commander *
CVE-2024-47255

In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N 0.5 4.2

Products Affected

Vendor Product Version
2n access_commander *