Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

CVE-2024-51738 (GCVE-0-2024-51738)

Vulnerability from cvelistv5 – Published: 2025-01-20 15:26 – Updated: 2025-01-21 14:59
VLAI
Title
Sunshine improperly enforces pairing protocol request order
Summary
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-476 - NULL Pointer Dereference
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
References
Impacted products
Vendor Product Version
LizardByte Sunshine Affected: < 2025.118.151840
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51738",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T14:59:20.927312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T14:59:35.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sunshine",
          "vendor": "LizardByte",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2025.118.151840"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine\u0027s pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T15:26:03.955Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499"
        },
        {
          "name": "https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd"
        }
      ],
      "source": {
        "advisory": "GHSA-3hrw-xv8h-9499",
        "discovery": "UNKNOWN"
      },
      "title": "Sunshine improperly enforces pairing protocol request order"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-51738",
    "datePublished": "2025-01-20T15:26:03.955Z",
    "dateReserved": "2024-10-31T14:12:45.788Z",
    "dateUpdated": "2025-01-21T14:59:35.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50478 (GCVE-0-2024-50478)

Vulnerability from cvelistv5 – Published: 2024-10-28 12:32 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
Summary
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
Swoop 1-Click Login: Passwordless Authentication Affected: 1.4.5 (custom)
Create a notification for this product.
swoop 1-click_login\:_passwordless_authentication Affected: 1.4.5
    cpe:2.3:a:swoop:1-click_login\:_passwordless_authentication:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
stealthcopter (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:swoop:1-click_login\\:_passwordless_authentication:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "1-click_login\\:_passwordless_authentication",
            "vendor": "swoop",
            "versions": [
              {
                "status": "affected",
                "version": "1.4.5"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T16:17:03.552262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T18:49:21.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "swoop-password-free-authentication",
          "product": "1-Click Login: Passwordless Authentication",
          "vendor": "Swoop",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "stealthcopter (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.\u003cp\u003eThis issue affects 1-Click Login: Passwordless Authentication: 1.4.5.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:10:29.787Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/swoop-password-free-authentication/wordpress-1-click-login-passwordless-authentication-plugin-1-4-5-broken-authentication-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-50478",
    "datePublished": "2024-10-28T12:32:27.258Z",
    "dateReserved": "2024-10-24T07:26:38.824Z",
    "dateUpdated": "2026-04-28T16:10:29.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49587 (GCVE-0-2024-49587)

Vulnerability from cvelistv5 – Published: 2025-12-19 16:33 – Updated: 2026-02-26 16:07
VLAI
Title
Glutton V1 endpoints missing authentication
Summary
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Assigner
Impacted products
Vendor Product Version
Palantir com.palantir.gotham:glutton Unaffected: 105.95.0 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-20T04:56:48.131550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:24.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "com.palantir.gotham:glutton",
          "vendor": "Palantir",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "105.95.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T16:33:22.971Z",
        "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "shortName": "Palantir"
      },
      "references": [
        {
          "url": "https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11"
        }
      ],
      "source": {
        "defect": [
          "PLTRSEC-2024-43"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Glutton V1 endpoints missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
    "assignerShortName": "Palantir",
    "cveId": "CVE-2024-49587",
    "datePublished": "2025-12-19T16:33:22.971Z",
    "dateReserved": "2024-10-16T19:09:45.689Z",
    "dateUpdated": "2026-02-26T16:07:24.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39899 (GCVE-0-2024-39899)

Vulnerability from cvelistv5 – Published: 2024-07-09 18:57 – Updated: 2024-08-02 04:33
VLAI
Title
PrivateBin allows shortening of URLs for other domains
Summary
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-791 - Incomplete Filtering of Special Elements
Assigner
Impacted products
Vendor Product Version
PrivateBin PrivateBin Affected: >= 1.5.0, < 1.7.4
Create a notification for this product.
privatebin privatebin Affected: 1.5.0 , < 1.7.4 (custom)
    cpe:2.3:a:privatebin:privatebin:1.5.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:privatebin:privatebin:1.5.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "privatebin",
            "vendor": "privatebin",
            "versions": [
              {
                "lessThan": "1.7.4",
                "status": "affected",
                "version": "1.5.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T14:31:16.074596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T14:35:40.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j"
          },
          {
            "name": "https://github.com/PrivateBin/PrivateBin/pull/1370",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/PrivateBin/PrivateBin/pull/1370"
          },
          {
            "name": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PrivateBin",
          "vendor": "PrivateBin",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.5.0, \u003c 1.7.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-791",
              "description": "CWE-791: Incomplete Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T18:57:50.228Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j"
        },
        {
          "name": "https://github.com/PrivateBin/PrivateBin/pull/1370",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PrivateBin/PrivateBin/pull/1370"
        },
        {
          "name": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4"
        }
      ],
      "source": {
        "advisory": "GHSA-mqqj-fx8h-437j",
        "discovery": "UNKNOWN"
      },
      "title": "PrivateBin allows shortening of URLs for other domains"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-39899",
    "datePublished": "2024-07-09T18:57:50.228Z",
    "dateReserved": "2024-07-02T19:37:18.599Z",
    "dateUpdated": "2024-08-02T04:33:11.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38433 (GCVE-0-2024-38433)

Vulnerability from cvelistv5 – Published: 2024-07-11 07:50 – Updated: 2024-08-02 04:12
VLAI
Title
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
Summary
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Nuvoton NPCM7xx (Poleg) BootBlock Affected: All versions , < v10.10.19 (custom)
Create a notification for this product.
nuvoton npcm7xx_firmware Affected: 0 , < v10.10.19 (custom)
    cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-11 07:45
Credits
Ferdinand Nölscher of Google's OTS-HS Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "npcm7xx_firmware",
            "vendor": "nuvoton",
            "versions": [
              {
                "lessThan": "v10.10.19",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T14:42:53.159606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T14:42:56.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:24.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NPCM7xx (Poleg) BootBlock",
          "vendor": "Nuvoton",
          "versions": [
            {
              "lessThan": "v10.10.19",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ferdinand N\u00f6lscher of Google\u0027s OTS-HS Team"
        }
      ],
      "datePublic": "2024-07-11T07:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003ch3\u003eNuvoton - CWE-305: Authentication Bypass by Primary Weakness\u003c/h3\u003e\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\u003cp\u003e\u003c/p\u003e\u003cp\u003ereference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\u003c/p\u003e\u003cp\u003eexecution.\u003c/p\u003e\n\n"
            }
          ],
          "value": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-11T07:50:45.579Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to v10.10.19\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "Upgrade to v10.10.19"
        }
      ],
      "source": {
        "advisory": "ILVN-2024-0171",
        "discovery": "UNKNOWN"
      },
      "title": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2024-38433",
    "datePublished": "2024-07-11T07:50:45.579Z",
    "dateReserved": "2024-06-16T08:00:52.285Z",
    "dateUpdated": "2024-08-02T04:12:24.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36388 (GCVE-0-2024-36388)

Vulnerability from cvelistv5 – Published: 2024-06-02 13:14 – Updated: 2024-08-02 03:37
VLAI
Title
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
Summary
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor Product Version
MileSight DeviceHub Affected: v3.0.1-r1 for Ubuntu 20.04 , < Upgrade to the latest version. (custom)
Create a notification for this product.
milesight devicehub Affected: 3.0.1-r1
    cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-02 13:10
Credits
Claroty Research – Team 82
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "devicehub",
            "vendor": "milesight",
            "versions": [
              {
                "status": "affected",
                "version": "3.0.1-r1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T13:49:40.486622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:34.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:04.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DeviceHub",
          "vendor": "MileSight",
          "versions": [
            {
              "lessThan": "Upgrade to the latest version.",
              "status": "affected",
              "version": "v3.0.1-r1 for Ubuntu 20.04",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Claroty Research \u2013 Team 82"
        }
      ],
      "datePublic": "2024-06-02T13:10:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eMileSight DeviceHub - \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-305 Missing Authentication for Critical Function\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cbr\u003e\n\n"
            }
          ],
          "value": "MileSight DeviceHub - \n\n\n\nCWE-305 Missing Authentication for Critical Function"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-02T13:19:41.864Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "source": {
        "advisory": "ILVN-2024-0157",
        "discovery": "UNKNOWN"
      },
      "title": "MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2024-36388",
    "datePublished": "2024-06-02T13:14:46.927Z",
    "dateReserved": "2024-05-27T13:04:44.110Z",
    "dateUpdated": "2024-08-02T03:37:04.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34077 (GCVE-0-2024-34077)

Vulnerability from cvelistv5 – Published: 2024-05-13 15:30 – Updated: 2024-08-02 02:42
VLAI
Title
MantisBT user account takeover in the signup/reset password process
Summary
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`).
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-620 - Unverified Password Change
Assigner
Impacted products
Vendor Product Version
mantisbt mantisbt Affected: < 2.26.2
Create a notification for this product.
mantisbt mantisbt Affected: -
    cpe:2.3:a:mantisbt:mantisbt:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mantisbt:mantisbt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mantisbt",
            "vendor": "mantisbt",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34077",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T19:51:24.911983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:42:02.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm"
          },
          {
            "name": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00"
          },
          {
            "name": "https://mantisbt.org/bugs/view.php?id=34433",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mantisbt.org/bugs/view.php?id=34433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mantisbt",
          "vendor": "mantisbt",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.26.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user\u0027s password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token\u0027s validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "CWE-620: Unverified Password Change",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T15:30:32.334Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm"
        },
        {
          "name": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00"
        },
        {
          "name": "https://mantisbt.org/bugs/view.php?id=34433",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mantisbt.org/bugs/view.php?id=34433"
        }
      ],
      "source": {
        "advisory": "GHSA-93x3-m7pw-ppqm",
        "discovery": "UNKNOWN"
      },
      "title": "MantisBT user account takeover in the signup/reset password process"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34077",
    "datePublished": "2024-05-13T15:30:32.334Z",
    "dateReserved": "2024-04-30T06:56:33.383Z",
    "dateUpdated": "2024-08-02T02:42:59.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20674 (GCVE-0-2024-20674)

Vulnerability from cvelistv5 – Published: 2024-01-09 17:56 – Updated: 2025-05-03 01:46
VLAI
Title
Windows Kerberos Security Feature Bypass Vulnerability
Summary
Windows Kerberos Security Feature Bypass Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.5329 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.2227 (custom)
Create a notification for this product.
Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.2713 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19043.0 , < 10.0.19044.3930 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22621.3007 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.3930 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H3 Affected: 10.0.22631.0 , < 10.0.22631.3007 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 23H2 Affected: 10.0.22631.0 , < 10.0.22631.3007 (custom)
Create a notification for this product.
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) Affected: 10.0.25398.0 , < 10.0.25398.643 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.20402 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.6614 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.6614 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.6614 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.22464 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.6003.0 , < 6.0.6003.22464 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.22464 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.7601.0 , < 6.1.7601.26910 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.1.7601.0 , < 6.1.7601.26910 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.24664 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.24664 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.21765 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.21765 (custom)
Create a notification for this product.
Date Public
2024-01-09 08:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20674",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-09T19:21:18.627155Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T20:59:07.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Kerberos Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5329",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2227",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2713",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.3930",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3007",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.3930",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3007",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3007",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.643",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20402",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6614",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22464",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22464",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22464",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26910",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26910",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24664",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24664",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21765",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21765",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5329",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2227",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2713",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.3930",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3007",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.3930",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3007",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3007",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.643",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20402",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6614",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6614",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6614",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22464",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22464",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.0.6003.22464",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26910",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26910",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24664",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24664",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21765",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21765",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Kerberos Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:46:24.848Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Kerberos Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674"
        }
      ],
      "title": "Windows Kerberos Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20674",
    "datePublished": "2024-01-09T17:56:45.386Z",
    "dateReserved": "2023-11-28T22:58:12.117Z",
    "dateUpdated": "2025-05-03T01:46:24.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20463 (GCVE-0-2024-20463)

Vulnerability from cvelistv5 – Published: 2024-10-16 16:16 – Updated: 2024-10-31 13:08
VLAI
Title
Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.&nbsp;
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 12.0.1 SR2
Affected: 11.1.0
Affected: 12.0.1 SR1
Affected: 11.1.0 MSR1
Affected: 12.0.1
Affected: 11.1.0 MSR2
Affected: 11.1.0 MSR3
Affected: 11.1.0 MSR4
Affected: 12.0.1 SR3
Affected: 11.2.1
Affected: 12.0.1 SR4
Affected: 11.2.2
Affected: 11.2.2 MSR1
Affected: 12.0.1 SR5
Affected: 11.2.3
Affected: 11.2.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T17:41:18.304076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-862",
                "description": "CWE-862 Missing Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:08:14.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Analog Telephone Adaptor (ATA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.0.1 SR2"
            },
            {
              "status": "affected",
              "version": "11.1.0"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR1"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR1"
            },
            {
              "status": "affected",
              "version": "12.0.1"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR2"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR3"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR4"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR3"
            },
            {
              "status": "affected",
              "version": "11.2.1"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR4"
            },
            {
              "status": "affected",
              "version": "11.2.2"
            },
            {
              "status": "affected",
              "version": "11.2.2 MSR1"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR5"
            },
            {
              "status": "affected",
              "version": "11.2.3"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.\r\n\r\nThis vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T16:16:53.338Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ata19x-multi-RDTEqRsy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ata19x-multi-RDTEqRsy",
        "defects": [
          "CSCwf28345"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20463",
    "datePublished": "2024-10-16T16:16:53.338Z",
    "dateReserved": "2023-11-08T15:08:07.680Z",
    "dateUpdated": "2024-10-31T13:08:14.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20378 (GCVE-0-2024-20378)

Vulnerability from cvelistv5 – Published: 2024-05-01 16:41 – Updated: 2024-08-01 21:59
VLAI
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3
Affected: 11.3.2
Affected: 11.3.3
Affected: 11.3.1 MSR4-1
Affected: 11.3.4
Affected: 11.3.5
Affected: 11.3.3 MSR2
Affected: 11.3.3 MSR1
Affected: 11.3.6
Affected: 11-3-1MPPSR4UPG
Affected: 11.3.7
Affected: 11-3-1MSR2UPG
Affected: 11.3.6SR1
Affected: 11.3.7SR1
Affected: 11.3.7SR2
Affected: 11.0.0
Affected: 11.0.1
Affected: 11.0.1 MSR1-1
Affected: 11.0.2
Affected: 11.1.1
Affected: 11.1.1 MSR1-1
Affected: 11.1.1 MSR2-1
Affected: 11.1.2
Affected: 11.1.2 MSR1-1
Affected: 11.1.2 MSR3-1
Affected: 11.2.1
Affected: 11.2.2
Affected: 11.2.3
Affected: 11.2.3 MSR1-1
Affected: 11.2.4
Affected: 11.3.1
Affected: 11.3.1 MSR1-3
Affected: 4.5
Affected: 4.6 MSR1
Affected: 4.7.1
Affected: 4.8.1
Affected: 4.8.1 SR1
Affected: 5.0.1
Affected: 12.0.1
Affected: 12.0.2
Affected: 12.0.3
Affected: 12.0.3SR1
Affected: 12.0.4
Affected: 5.1.1
Affected: 5.1.2
Affected: 5.1(2)SR1
Create a notification for this product.
Cisco Cisco PhoneOS Affected: 1.0.1
Affected: 2.1.1
Affected: 2.0.1
Affected: 2.3.1
Create a notification for this product.
cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
    cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6871_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6821_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6851_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7821_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6861_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6825_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6841_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7811_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7841_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7861_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_8800_series_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "video_phone_8875_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20378",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T20:19:03.667220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:47:37.828Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phones with Multiplatform Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.3.1 MSR2-6"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR3-3"
            },
            {
              "status": "affected",
              "version": "11.3.2"
            },
            {
              "status": "affected",
              "version": "11.3.3"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR4-1"
            },
            {
              "status": "affected",
              "version": "11.3.4"
            },
            {
              "status": "affected",
              "version": "11.3.5"
            },
            {
              "status": "affected",
              "version": "11.3.3 MSR2"
            },
            {
              "status": "affected",
              "version": "11.3.3 MSR1"
            },
            {
              "status": "affected",
              "version": "11.3.6"
            },
            {
              "status": "affected",
              "version": "11-3-1MPPSR4UPG"
            },
            {
              "status": "affected",
              "version": "11.3.7"
            },
            {
              "status": "affected",
              "version": "11-3-1MSR2UPG"
            },
            {
              "status": "affected",
              "version": "11.3.6SR1"
            },
            {
              "status": "affected",
              "version": "11.3.7SR1"
            },
            {
              "status": "affected",
              "version": "11.3.7SR2"
            },
            {
              "status": "affected",
              "version": "11.0.0"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            },
            {
              "status": "affected",
              "version": "11.0.1 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.0.2"
            },
            {
              "status": "affected",
              "version": "11.1.1"
            },
            {
              "status": "affected",
              "version": "11.1.1 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.1.1 MSR2-1"
            },
            {
              "status": "affected",
              "version": "11.1.2"
            },
            {
              "status": "affected",
              "version": "11.1.2 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.1.2 MSR3-1"
            },
            {
              "status": "affected",
              "version": "11.2.1"
            },
            {
              "status": "affected",
              "version": "11.2.2"
            },
            {
              "status": "affected",
              "version": "11.2.3"
            },
            {
              "status": "affected",
              "version": "11.2.3 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            },
            {
              "status": "affected",
              "version": "11.3.1"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR1-3"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "4.6 MSR1"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.8.1 SR1"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "12.0.1"
            },
            {
              "status": "affected",
              "version": "12.0.2"
            },
            {
              "status": "affected",
              "version": "12.0.3"
            },
            {
              "status": "affected",
              "version": "12.0.3SR1"
            },
            {
              "status": "affected",
              "version": "12.0.4"
            },
            {
              "status": "affected",
              "version": "5.1.1"
            },
            {
              "status": "affected",
              "version": "5.1.2"
            },
            {
              "status": "affected",
              "version": "5.1(2)SR1"
            }
          ]
        },
        {
          "product": "Cisco PhoneOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.1"
            },
            {
              "status": "affected",
              "version": "2.1.1"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T16:41:52.385Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
        "defects": [
          "CSCwi64037",
          "CSCwi64050"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20378",
    "datePublished": "2024-05-01T16:41:52.385Z",
    "dateReserved": "2023-11-08T15:08:07.655Z",
    "dateUpdated": "2024-08-01T21:59:42.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.