CVE-2024-42017 Information

Description

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario if the application is remotely accessible it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application without any authentication.

Reference

https://eviden.com https://support.bull.com/ols/product/security/psirt/security-bulletins/multiple-critical-vulnerabilities-in-icare-psirt-625-tlp-clear-version-0-7-cve-2024-42017/view