CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2024-12582 (GCVE-0-2024-12582)
Vulnerability from cvelistv5 – Published: 2024-12-24 03:31 – Updated: 2026-05-06 16:47
VLAI
Title
Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
Summary
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:1413 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-12582 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2333540 | issue-trackingx_refsource_REDHAT |
| https://github.com/skupperproject/skupper/pull/1833 |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 1.8.3
(semver)
|
|||
| Red Hat | Service Interconnect 1 for RHEL 9 |
Unaffected:
1.8.3-1 , < *
(rpm)
cpe:/a:redhat:service_interconnect:1::el9 |
|
| Red Hat | Service Interconnect 1 for RHEL 9 |
Unaffected:
2.7.3-1 , < *
(rpm)
cpe:/a:redhat:service_interconnect:1::el9 |
Date Public
2024-12-20 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T18:13:55.863080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T18:13:59.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/skupperproject/skupper/",
"defaultStatus": "unaffected",
"packageName": "skupper",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-config-sync-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-controller-podman-container-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-controller-podman-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-flow-collector-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-operator-bundle",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-router-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.7.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-service-controller-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:service_interconnect:1::el9"
],
"defaultStatus": "affected",
"packageName": "service-interconnect/skupper-site-controller-rhel9",
"product": "Service Interconnect 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.8.3-1",
"versionType": "rpm"
}
]
}
],
"datePublic": "2024-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:47:35.179Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:1413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1413"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12582"
},
{
"name": "RHBZ#2333540",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333540"
},
{
"url": "https://github.com/skupperproject/skupper/pull/1833"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-20T17:33:05.858Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-12-20T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service",
"workarounds": [
{
"lang": "en",
"value": "For users running skupper on Red Hat OpenShift, the OpenShift authentication should be used. Otherwise, use \"unsecured\" where authentication is not a primary concern."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12582",
"datePublished": "2024-12-24T03:31:24.896Z",
"dateReserved": "2024-12-12T17:10:04.729Z",
"dateUpdated": "2026-05-06T16:47:35.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12776 (GCVE-0-2024-12776)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-03-20 18:18
VLAI
Title
Authentication Bypass in langgenius/dify
Summary
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| langgenius | langgenius/dify |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12776",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:49:31.689192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:18:01.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "langgenius/dify",
"vendor": "langgenius",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T10:10:42.717Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/00a8b403-7da5-431e-afa3-40339cf734bf"
}
],
"source": {
"advisory": "00a8b403-7da5-431e-afa3-40339cf734bf",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in langgenius/dify"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-12776",
"datePublished": "2025-03-20T10:10:42.717Z",
"dateReserved": "2024-12-18T22:10:57.059Z",
"dateUpdated": "2025-03-20T18:18:01.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12802 (GCVE-0-2024-12802)
Vulnerability from cvelistv5 – Published: 2025-01-09 09:08 – Updated: 2026-05-22 03:55
VLAI
Summary
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
Date Public
2025-01-08 07:16
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-12802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:48.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Gen6 NSv",
"Gen6 Hardware",
"Gen7 Hardware",
"Gen7 NSv",
"TZ80"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "6.5.4.4-44v-21-2457 and older versions"
},
{
"status": "affected",
"version": "6.5.4.15-117n and older versions"
},
{
"status": "affected",
"version": "7.0.1-5161 and older versions"
},
{
"status": "affected",
"version": "7.1.1-7058 and older versions"
},
{
"status": "affected",
"version": "7.1.2-7019"
},
{
"status": "affected",
"version": "8.0.0-8035"
}
]
}
],
"datePublic": "2025-01-08T07:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.\u003c/span\u003e"
}
],
"value": "SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T09:08:26.012Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001"
}
],
"source": {
"advisory": "SNWLID-2025-0001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-12802",
"datePublished": "2025-01-09T09:08:26.012Z",
"dateReserved": "2024-12-19T16:22:43.405Z",
"dateUpdated": "2026-05-22T03:55:48.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1403 (GCVE-0-2024-1403)
Vulnerability from cvelistv5 – Published: 2024-02-27 15:39 – Updated: 2024-08-12 19:27
VLAI
Title
Authentication Bypass in OpenEdge Authentication Gateway and AdminServer
Summary
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password. Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.progress.com/openedge | product |
| https://community.progress.com/s/article/Importan… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress | OpenEdge |
Affected:
11.7.0 , < 11.7.19
(semver)
Affected: 12.2.0 , < 12.2.14 (semver) Affected: 12.8.0 , < 12.8.1 (semver) |
|
| progress | openedge |
Affected:
11.7.0 , < 11.7.19
(semver)
Affected: 12.2.0 , < 12.2.14 (semver) Affected: 12.8.0 , < 12.8.1 (semver) cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/openedge"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "openedge",
"vendor": "progress",
"versions": [
{
"lessThan": "11.7.19",
"status": "affected",
"version": "11.7.0",
"versionType": "semver"
},
{
"lessThan": "12.2.14",
"status": "affected",
"version": "12.2.0",
"versionType": "semver"
},
{
"lessThan": "12.8.1",
"status": "affected",
"version": "12.8.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1403",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-16T04:00:49.775339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:27:43.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"OpenEdge Authentication Gateway",
"AdminServer"
],
"platforms": [
"Windows",
"Linux",
"x86",
"64 bit",
"32 bit"
],
"product": "OpenEdge",
"vendor": "Progress",
"versions": [
{
"lessThan": "11.7.19",
"status": "affected",
"version": "11.7.0",
"versionType": "semver"
},
{
"lessThan": "12.2.14",
"status": "affected",
"version": "12.2.0",
"versionType": "semver"
},
{
"lessThan": "12.8.1",
"status": "affected",
"version": "12.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u0026nbsp; The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u0026nbsp; \n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u00a0 \n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T15:39:54.850Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/openedge"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass in OpenEdge Authentication Gateway and AdminServer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-1403",
"datePublished": "2024-02-27T15:39:54.850Z",
"dateReserved": "2024-02-09T15:46:27.472Z",
"dateUpdated": "2024-08-12T19:27:43.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20378 (GCVE-0-2024-20378)
Vulnerability from cvelistv5 – Published: 2024-05-01 16:41 – Updated: 2024-08-01 21:59
VLAI
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.1 MSR4-1 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR2 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 Affected: 4.5 Affected: 4.6 MSR1 Affected: 4.7.1 Affected: 4.8.1 Affected: 4.8.1 SR1 Affected: 5.0.1 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.0.3 Affected: 12.0.3SR1 Affected: 12.0.4 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1(2)SR1 |
|
| Cisco | Cisco PhoneOS |
Affected:
1.0.1
Affected: 2.1.1 Affected: 2.0.1 Affected: 2.3.1 |
|
| cisco | ip_phone_6871_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_6821_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_6851_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_7821_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_6861_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_6825_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_6841_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_7811_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_7841_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_7861_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | ip_phone_8800_series_with_multiplatform_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:* |
|
| cisco | video_phone_8875_firmware |
Affected:
0 , ≤ 12.0.4
(custom)
cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6871_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6851_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6825_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7811_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_8800_series_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "video_phone_8875_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:19:03.667220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:47:37.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.1 MSR4-1"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR2"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6 MSR1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.1 SR1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.3SR1"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1(2)SR1"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:41:52.385Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"source": {
"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"defects": [
"CSCwi64037",
"CSCwi64050"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20378",
"datePublished": "2024-05-01T16:41:52.385Z",
"dateReserved": "2023-11-08T15:08:07.655Z",
"dateUpdated": "2024-08-01T21:59:42.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20463 (GCVE-0-2024-20463)
Vulnerability from cvelistv5 – Published: 2024-10-16 16:16 – Updated: 2024-10-31 13:08
VLAI
Title
Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.
This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software |
Affected:
12.0.1 SR2
Affected: 11.1.0 Affected: 12.0.1 SR1 Affected: 11.1.0 MSR1 Affected: 12.0.1 Affected: 11.1.0 MSR2 Affected: 11.1.0 MSR3 Affected: 11.1.0 MSR4 Affected: 12.0.1 SR3 Affected: 11.2.1 Affected: 12.0.1 SR4 Affected: 11.2.2 Affected: 11.2.2 MSR1 Affected: 12.0.1 SR5 Affected: 11.2.3 Affected: 11.2.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:41:18.304076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:08:14.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Analog Telephone Adaptor (ATA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0.1 SR2"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "12.0.1 SR1"
},
{
"status": "affected",
"version": "11.1.0 MSR1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "11.1.0 MSR2"
},
{
"status": "affected",
"version": "11.1.0 MSR3"
},
{
"status": "affected",
"version": "11.1.0 MSR4"
},
{
"status": "affected",
"version": "12.0.1 SR3"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "12.0.1 SR4"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.2 MSR1"
},
{
"status": "affected",
"version": "12.0.1 SR5"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.\r\n\r\nThis vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T16:16:53.338Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ata19x-multi-RDTEqRsy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy"
}
],
"source": {
"advisory": "cisco-sa-ata19x-multi-RDTEqRsy",
"defects": [
"CSCwf28345"
],
"discovery": "INTERNAL"
},
"title": "Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20463",
"datePublished": "2024-10-16T16:16:53.338Z",
"dateReserved": "2023-11-08T15:08:07.680Z",
"dateUpdated": "2024-10-31T13:08:14.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20674 (GCVE-0-2024-20674)
Vulnerability from cvelistv5 – Published: 2024-01-09 17:56 – Updated: 2025-05-03 01:46
VLAI
Title
Windows Kerberos Security Feature Bypass Vulnerability
Summary
Windows Kerberos Security Feature Bypass Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.5329
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < 10.0.17763.5329
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.5329
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.5329
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.2227
(custom)
|
|
| Microsoft | Windows 11 version 21H2 |
Affected:
10.0.0 , < 10.0.22000.2713
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19043.0 , < 10.0.19044.3930
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.3007
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.3930
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.3007
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.3007
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.643
(custom)
|
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.20402
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.6614
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.6614
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.6614
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.22464
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.6003.0 , < 6.0.6003.22464
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.22464
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.7601.0 , < 6.1.7601.26910
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.1.7601.0 , < 6.1.7601.26910
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.24664
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.24664
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.21765
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.21765
(custom)
|
Date Public
2024-01-09 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-09T19:21:18.627155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T20:59:07.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Windows Kerberos Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5329",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5329",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5329",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5329",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.2227",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2713",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.3930",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.3007",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.3930",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3007",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3007",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.643",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20402",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6614",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6614",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6614",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22464",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22464",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22464",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26910",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26910",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24664",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24664",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.21765",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.21765",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5329",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5329",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5329",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5329",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2227",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2713",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.3930",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3007",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.3930",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3007",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3007",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.643",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20402",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6614",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6614",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6614",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22464",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22464",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "6.0.6003.22464",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26910",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26910",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24664",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24664",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.21765",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.21765",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows Kerberos Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:24.848Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Kerberos Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674"
}
],
"title": "Windows Kerberos Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-20674",
"datePublished": "2024-01-09T17:56:45.386Z",
"dateReserved": "2023-11-28T22:58:12.117Z",
"dateUpdated": "2025-05-03T01:46:24.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34077 (GCVE-0-2024-34077)
Vulnerability from cvelistv5 – Published: 2024-05-13 15:30 – Updated: 2024-08-02 02:42
VLAI
Title
MantisBT user account takeover in the signup/reset password process
Summary
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`).
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/mantisbt/mantisbt/security/adv… | x_refsource_CONFIRM |
| https://github.com/mantisbt/mantisbt/commit/92d11… | x_refsource_MISC |
| https://mantisbt.org/bugs/view.php?id=34433 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mantisbt:mantisbt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mantisbt",
"vendor": "mantisbt",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T19:51:24.911983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:02.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=34433",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mantisbt.org/bugs/view.php?id=34433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mantisbt",
"vendor": "mantisbt",
"versions": [
{
"status": "affected",
"version": "\u003c 2.26.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user\u0027s password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token\u0027s validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620: Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T15:30:32.334Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=34433",
"tags": [
"x_refsource_MISC"
],
"url": "https://mantisbt.org/bugs/view.php?id=34433"
}
],
"source": {
"advisory": "GHSA-93x3-m7pw-ppqm",
"discovery": "UNKNOWN"
},
"title": "MantisBT user account takeover in the signup/reset password process"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34077",
"datePublished": "2024-05-13T15:30:32.334Z",
"dateReserved": "2024-04-30T06:56:33.383Z",
"dateUpdated": "2024-08-02T02:42:59.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36388 (GCVE-0-2024-36388)
Vulnerability from cvelistv5 – Published: 2024-06-02 13:14 – Updated: 2024-08-02 03:37
VLAI
Title
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
Summary
MileSight DeviceHub -
CWE-305 Missing Authentication for Critical Function
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
Date Public
2024-06-02 13:10
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "devicehub",
"vendor": "milesight",
"versions": [
{
"status": "affected",
"version": "3.0.1-r1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T13:49:40.486622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:34.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:04.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DeviceHub",
"vendor": "MileSight",
"versions": [
{
"lessThan": "Upgrade to the latest version.",
"status": "affected",
"version": "v3.0.1-r1 for Ubuntu 20.04",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Claroty Research \u2013 Team 82"
}
],
"datePublic": "2024-06-02T13:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eMileSight DeviceHub - \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-305 Missing Authentication for Critical Function\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "MileSight DeviceHub - \n\n\n\nCWE-305 Missing Authentication for Critical Function"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-02T13:19:41.864Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"source": {
"advisory": "ILVN-2024-0157",
"discovery": "UNKNOWN"
},
"title": "MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-36388",
"datePublished": "2024-06-02T13:14:46.927Z",
"dateReserved": "2024-05-27T13:04:44.110Z",
"dateUpdated": "2024-08-02T03:37:04.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38433 (GCVE-0-2024-38433)
Vulnerability from cvelistv5 – Published: 2024-07-11 07:50 – Updated: 2024-08-02 04:12
VLAI
Title
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
Summary
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nuvoton | NPCM7xx (Poleg) BootBlock |
Affected:
All versions , < v10.10.19
(custom)
|
|
| nuvoton | npcm7xx_firmware |
Affected:
0 , < v10.10.19
(custom)
cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-07-11 07:45
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "npcm7xx_firmware",
"vendor": "nuvoton",
"versions": [
{
"lessThan": "v10.10.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:42:53.159606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:42:56.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPCM7xx (Poleg) BootBlock",
"vendor": "Nuvoton",
"versions": [
{
"lessThan": "v10.10.19",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ferdinand N\u00f6lscher of Google\u0027s OTS-HS Team"
}
],
"datePublic": "2024-07-11T07:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003ch3\u003eNuvoton - CWE-305: Authentication Bypass by Primary Weakness\u003c/h3\u003e\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\u003cp\u003e\u003c/p\u003e\u003cp\u003ereference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\u003c/p\u003e\u003cp\u003eexecution.\u003c/p\u003e\n\n"
}
],
"value": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T07:50:45.579Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to v10.10.19\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "Upgrade to v10.10.19"
}
],
"source": {
"advisory": "ILVN-2024-0171",
"discovery": "UNKNOWN"
},
"title": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-38433",
"datePublished": "2024-07-11T07:50:45.579Z",
"dateReserved": "2024-06-16T08:00:52.285Z",
"dateUpdated": "2024-08-02T04:12:24.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.