CVE-2024-2007
low-risk
Published 2024-03-21
A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability.
Do I need to act?
-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
LOCAL
/ LOW complexity
Affected Products (1)
Xagent
Affected Vendors
References (6)
Issue Tracking
https://github.com/OpenBMB/XAgent/issues/386
Permissions Required
https://vuldb.com/?ctiid.255265
Third Party Advisory
https://vuldb.com/?id.255265
Issue Tracking
https://github.com/OpenBMB/XAgent/issues/386
Permissions Required
https://vuldb.com/?ctiid.255265
Third Party Advisory
https://vuldb.com/?id.255265
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal