What is the severity of CVE-2024-22062?

CVE-2024-22062 has a high severity rating due to the potential for unauthorized privilege escalation.

How do I fix CVE-2024-22062?

To fix CVE-2024-22062, update ZTE ZXCLOUD IRAI to version 7.23.40 or later, ensuring that configurations are secured.

What type of vulnerability is CVE-2024-22062?

CVE-2024-22062 is a permissions and access control vulnerability that allows attackers to escalate their privileges.

Who is affected by CVE-2024-22062?

CVE-2024-22062 affects users of the ZTE ZXCLOUD IRAI software versions prior to 7.23.40.

Can CVE-2024-22062 be exploited remotely?

Yes, CVE-2024-22062 can be exploited remotely if an attacker can access the configuration settings.

Vulnerability/
CVE-2024-22062

high

8.8

CWE

346 276

9/7/2024

28/1/2025

CVE-2024-22062: Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI

First published: Tue Jul 09 2024(Updated: )

There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.

Credit: psirt@zte.com.cn

Affected Software	Affected Version	How to fix
ZTE ZXCLOUD iRAI
ZTE ZXCLOUD iRAI	<7.23.40

Remedy

ClientV7.23.40

Never miss a vulnerability like this again

Reference Links

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036204

Frequently Asked Questions

What is the severity of CVE-2024-22062?
CVE-2024-22062 has a high severity rating due to the potential for unauthorized privilege escalation.
How do I fix CVE-2024-22062?
To fix CVE-2024-22062, update ZTE ZXCLOUD IRAI to version 7.23.40 or later, ensuring that configurations are secured.
What type of vulnerability is CVE-2024-22062?
CVE-2024-22062 is a permissions and access control vulnerability that allows attackers to escalate their privileges.
Who is affected by CVE-2024-22062?
CVE-2024-22062 affects users of the ZTE ZXCLOUD IRAI software versions prior to 7.23.40.
Can CVE-2024-22062 be exploited remotely?
Yes, CVE-2024-22062 can be exploited remotely if an attacker can access the configuration settings.

agent/title
agent/references
agent/remedy
agent/description
agent/type
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/severity
agent/weakness
agent/last-modified-date
agent/tags
agent/softwarecombine
agent/event
vendor/zte
canonical/zte zxcloud irai

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-22062?
CVE-2024-22062 has a high severity rating due to the potential for unauthorized privilege escalation.
How do I fix CVE-2024-22062?
To fix CVE-2024-22062, update ZTE ZXCLOUD IRAI to version 7.23.40 or later, ensuring that configurations are secured.
What type of vulnerability is CVE-2024-22062?
CVE-2024-22062 is a permissions and access control vulnerability that allows attackers to escalate their privileges.
Who is affected by CVE-2024-22062?
CVE-2024-22062 affects users of the ZTE ZXCLOUD IRAI software versions prior to 7.23.40.
Can CVE-2024-22062 be exploited remotely?
Yes, CVE-2024-22062 can be exploited remotely if an attacker can access the configuration settings.