{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T12:47:00.024","vulnerabilities":[{"cve":{"id":"CVE-2024-9050","sourceIdentifier":"secalert@redhat.com","published":"2024-10-22T13:15:02.410","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration."},{"lang":"es","value":"Se encontró una falla en el complemento de cliente de libreswan para NetworkManager (NetkworkManager-libreswan), donde no puede desinfectar correctamente la configuración de VPN del usuario local sin privilegios. En esta configuración, compuesta por un formato clave-valor, el complemento no puede escapar caracteres especiales, lo que lleva a la aplicación a interpretar los valores como claves. Uno de los parámetros más críticos que un usuario malintencionado podría abusar es la clave `leftupdown`. Esta clave toma un comando ejecutable como valor y se utiliza para especificar lo que se ejecuta como una devolución de llamada en NetworkManager-libreswan para recuperar los ajustes de configuración de nuevo a NetworkManager. Como NetworkManager utiliza Polkit para permitir que un usuario sin privilegios controle la configuración de red del sistema, un actor malintencionado podría lograr una escalada de privilegios local y una posible ejecución de código como root en la máquina de destino."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:8312","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8338","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8352","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8353","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8354","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8355","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8356","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8357","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8358","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:9555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:9556","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-9050","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2313828","source":"secalert@redhat.com"},{"url":"https://www.openwall.com/lists/oss-security/2024/10/25/1","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2024/10/25/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}