CVE-2024-30111 (GCVE-0-2024-30111)
Vulnerability from cvelistv5
Published
2024-06-28 06:39
Modified
2024-08-02 01:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1326 - Missing Immutable Root of Trust in Hardware
Summary
HCL DRYiCE AEX product is impacted by Missing
Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted
device due to which malicious users can gain unauthorized access to the rooted
devices, compromising security and potentially leading to data breaches or
other malicious activities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | DRYiCE AEX |
Version: 10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T19:34:01.190491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T14:26:34.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:03.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DRYiCE AEX",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "10"
}
]
}
],
"datePublic": "2024-06-27T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL DRYiCE AEX product is impacted by Missing\nRoot Detection vulnerability in the mobile application. The mobile app can be installed in the rooted\ndevice due to which malicious users can gain unauthorized access to the rooted\ndevices, compromising security and potentially leading to data breaches or\nother malicious activities. \n\n\n\n"
}
],
"value": "HCL DRYiCE AEX product is impacted by Missing\nRoot Detection vulnerability in the mobile application. The mobile app can be installed in the rooted\ndevice due to which malicious users can gain unauthorized access to the rooted\ndevices, compromising security and potentially leading to data breaches or\nother malicious activities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1326",
"description": "CWE-1326: Missing Immutable Root of Trust in Hardware",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T06:39:36.149Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Root Detection vulnerability affects DRYiCE AEX v10",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30111",
"datePublished": "2024-06-28T06:39:36.149Z",
"dateReserved": "2024-03-22T23:57:21.324Z",
"dateUpdated": "2024-08-02T01:25:03.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-30111\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2024-06-28T07:15:05.473\",\"lastModified\":\"2024-11-21T09:11:17.383\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HCL DRYiCE AEX product is impacted by Missing\\nRoot Detection vulnerability in the mobile application. The mobile app can be installed in the rooted\\ndevice due to which malicious users can gain unauthorized access to the rooted\\ndevices, compromising security and potentially leading to data breaches or\\nother malicious activities.\"},{\"lang\":\"es\",\"value\":\"El producto HCL DRYiCE AEX se ve afectado por una vulnerabilidad de detecci\u00f3n de ra\u00edz faltante en la aplicaci\u00f3n m\u00f3vil. La aplicaci\u00f3n m\u00f3vil se puede instalar en el dispositivo rooteado, debido a que los usuarios malintencionados pueden obtener acceso no autorizado a los dispositivos rooteados, comprometiendo la seguridad y potencialmente provocando violaciones de datos u otras actividades maliciosas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1326\"}]}],\"references\":[{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193\",\"source\":\"psirt@hcl.com\"},{\"url\":\"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30111\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-28T19:34:01.190491Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-02T14:26:31.860Z\"}}], \"cna\": {\"title\": \"Missing Root Detection vulnerability affects DRYiCE AEX v10\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL.\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"DRYiCE AEX\", \"versions\": [{\"status\": \"affected\", \"version\": \"10\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-06-27T19:00:00.000Z\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114193\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"HCL DRYiCE AEX product is impacted by Missing\\nRoot Detection vulnerability in the mobile application. The mobile app can be installed in the rooted\\ndevice due to which malicious users can gain unauthorized access to the rooted\\ndevices, compromising security and potentially leading to data breaches or\\nother malicious activities.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"HCL DRYiCE AEX product is impacted by Missing\\nRoot Detection vulnerability in the mobile application. The mobile app can be installed in the rooted\\ndevice due to which malicious users can gain unauthorized access to the rooted\\ndevices, compromising security and potentially leading to data breaches or\\nother malicious activities. \\n\\n\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1326\", \"description\": \"CWE-1326: Missing Immutable Root of Trust in Hardware\"}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2024-06-28T06:39:36.149Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-30111\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-02T14:26:34.504Z\", \"dateReserved\": \"2024-03-22T23:57:21.324Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2024-06-28T06:39:36.149Z\", \"assignerShortName\": \"HCL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…