These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A medium-severity vulnerability in 2N Access Commander versions 1.14 and prior allows attackers with administrative privileges to extract hardcoded AES passphrases. These passphrases may enable decryption of sensitive data within backup files. The issue was disclosed on November 14, 2024, with an advisory update published February 11, 2025. 2N has released Access Commander version 3.3 as a fix.
A local privilege escalation vulnerability in 2N Access Commander versions 3.1.1.2 and prior allows an authenticated attacker with high privileges to escalate to root and execute arbitrary code. The vulnerability requires local access and high attack complexity, limiting its exploitability but granting significant impact upon successful compromise. CISA published this advisory on November 14, 2024, with a [truncated]
A medium-severity vulnerability in 2N Access Commander versions 3.1.1.2 and prior allows privilege escalation to root access due to insufficient verification of data authenticity. The vulnerability was disclosed by CISA on November 14, 2024, with an advisory update (Update A) published on February 11, 2025, adding new vulnerability details, affected products, and updated mitigations. The CVSS 3.1 vector i [truncated]
A path traversal vulnerability in 2N Access Commander versions 3.1.1.2 and prior allows an authenticated attacker with high privileges to write arbitrary files to the filesystem, leading to remote code execution. The vulnerability was disclosed by CISA on November 14, 2024, and updated on February 11, 2025, to include additional affected products and mitigations. The CVSS 3.1 score of 7.2 reflects high im [truncated]