Skip to content

Magnet Forensics AXIOM Command Injection Remote Code...

High severity Unreviewed Published May 3, 2024 to the GitHub Advisory Database • Updated May 3, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device.

The specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21255.

References

Published by the National Vulnerability Database May 3, 2024
Published to the GitHub Advisory Database May 3, 2024
Last updated May 3, 2024

Severity

High
8.0
/ 10

CVSS base metrics

Attack vector
Adjacent
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses

CVE ID

CVE-2023-42128

GHSA ID

GHSA-9rf3-g22q-9xfp

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Checking history
See something to contribute? Suggest improvements for this vulnerability.