Cyber Resilience

CVE-2024-7029

HighPublic PoCRCE

Published: 02 August 2024

Published
02 August 2024
Modified
17 September 2024
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.9297 99.8th percentile
Risk Priority 73 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7029 is a high-severity Command Injection (CWE-77) vulnerability in Avtech Avm1203 Firmware. Its CVSS base score is 8.7 (High).

Operationally, ranked in the top 0.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-7029 is a command-injection vulnerability (CWE-77) that permits unauthenticated remote attackers to supply and execute arbitrary commands over the network. The flaw carries a CVSS 4.0 score of 8.7 and affects a network-accessible component whose identity is referenced in ICS and security-research disclosures but is not further detailed in the supplied metadata.

An attacker with network reachability can exploit the issue without credentials or user interaction, achieving full command execution that yields high impacts on confidentiality, integrity, and availability. The associated EPSS score of approximately 0.93 indicates a high likelihood of exploitation in the wild.

Public advisories from CISA (ICSA-24-214-07) and Akamai research address the issue in the context of observed Mirai-variant botnet activity; operators should consult those sources for patch availability, configuration guidance, and recommended network controls.

The consistently elevated EPSS values reflect sustained exploitation interest following disclosure.

EU & UK References

Vulnerability details

Commands can be injected over the network and executed without authentication.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

avtech
avm1203 firmware
≤ fullimg-1023-1007-1011-1009

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References