{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39755", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-08-02T16:15:01.522Z", "datePublished": "2024-10-03T15:16:10.308Z", "dateUpdated": "2024-12-18T14:31:20.169Z"}, "containers": {"cna": {"affected": [{"vendor": "Veertu", "product": "Anka Build", "versions": [{"version": "1.42.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-282: Improper Ownership Management", "type": "CWE", "cweId": "CWE-282"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-12-18T14:31:20.169Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2060"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-03T17:02:47.885Z"}}, {"affected": [{"vendor": "veertu", "product": "anka_build", "cpes": ["cpe:2.3:a:veertu:anka_build:1.42.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.42.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T17:23:51.614064Z", "id": "CVE-2024-39755", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:24:38.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2060"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-03T17:02:47.885Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39755", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-03T17:23:51.614064Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:veertu:anka_build:1.42.0:*:*:*:*:*:*:*"], "vendor": "veertu", "product": "anka_build", "versions": [{"status": "affected", "version": "1.42.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:24:29.396Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Veertu", "product": "Anka Build", "versions": [{"status": "affected", "version": "1.42.0"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060"}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-282", "description": "CWE-282: Improper Ownership Management"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-12-18T14:31:20.169Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39755", "state": "PUBLISHED", "dateUpdated": "2024-12-18T14:31:20.169Z", "dateReserved": "2024-08-02T16:15:01.522Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-10-03T15:16:10.308Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veertu:anka_build_cloud:1.42.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA553BA9-4893-4500-B0FB-7ACF869B790A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalada de privilegios en Veertu Anka Build 1.42.0. La vulnerabilidad ocurre durante la actualizaci\u00f3n del agente del nodo Anka. Un usuario con pocos privilegios puede activar la acci\u00f3n de actualizaci\u00f3n, lo que puede provocar una elevaci\u00f3n inesperada de privilegios."}], "id": "CVE-2024-39755", "lastModified": "2025-09-04T18:55:43.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-10-03T16:15:05.230", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2060"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-282"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}