Vulnerabilities > CVE-2024-7265 - Incorrect Authorization vulnerability in Nask EZD RP 15/16/17

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nask

CWE-863

NVD

Published: 2024-08-07

Updated: 2025-03-17

Summary

Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.

Vulnerable Configurations

Part	Description	Count
Application	Nask Nask EZD RP 15 Nask EZD RP 16 Nask EZD RP 17	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://cert.pl/en/posts/2024/08/CVE-2024-7265/
https://cert.pl/posts/2024/08/CVE-2024-7265/
https://www.gov.pl/web/ezd-rp