CWE-420
Unprotected Alternate Channel
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
CVE-2023-52718 (GCVE-0-2023-52718)
Vulnerability from cvelistv5 – Published: 2024-12-28 07:16 – Updated: 2024-12-28 16:09
VLAI
Summary
A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)
This vulnerability has been assigned a (CVE)ID:CVE-2023-52718
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei | PT9030-15 |
Affected:
3.0.3.266
|
|
| Huawei | WS7206-10 |
Affected:
11.0.5.19
Affected: 2.1.0.203 |
|
| Huawei | WS7290-15 |
Affected:
3.0.3.266
|
|
| Huawei | WS8000-10 |
Affected:
WS8000-16 3.0.3.236
|
|
| Huawei | WS8001-10 |
Affected:
3.0.3.242
|
|
| Huawei | WS8002-10 |
Affected:
3.0.3.242
|
|
| Huawei | WS8500-10 |
Affected:
WS8500-16 3.0.3.235
|
|
| Huawei | WS8502-10 |
Affected:
3.0.3.242
|
|
| Huawei | WS8700-10 |
Affected:
3.0.3.251
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T16:08:28.353163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T16:09:42.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PT9030-15",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "3.0.3.266"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS7206-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "11.0.5.19"
},
{
"status": "affected",
"version": "2.1.0.203"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS7290-15",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "3.0.3.266"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS8000-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "WS8000-16 3.0.3.236"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS8001-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "3.0.3.242"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS8002-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "3.0.3.242"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS8500-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "WS8500-16 3.0.3.235"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS8502-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "3.0.3.242"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS8700-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "3.0.3.251"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718\u003c/p\u003e"
}
],
"value": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T07:16:22.248Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2023-52718",
"datePublished": "2024-12-28T07:16:22.248Z",
"dateReserved": "2024-04-11T06:52:24.010Z",
"dateUpdated": "2024-12-28T16:09:42.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7266 (GCVE-0-2023-7266)
Vulnerability from cvelistv5 – Published: 2024-12-28 07:00 – Updated: 2024-12-28 16:18
VLAI
Summary
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)
This vulnerability has been assigned a (CVE)ID:CVE-2023-7266
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T16:17:24.290887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T16:18:05.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TC7001-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "2.0.0.336(SP6C300)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS7200-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "WS7200-10-OTA 3.0.3.215-fullpackage(auto_1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS7206-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "WS7206-10-OTA 4.0.0.16(V3R2)-fullpackage(auto)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266\u003c/span\u003e"
}
],
"value": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T07:00:51.369Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2023-7266",
"datePublished": "2024-12-28T07:00:51.369Z",
"dateReserved": "2024-06-05T06:02:52.290Z",
"dateUpdated": "2024-12-28T16:18:05.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10081 (GCVE-0-2024-10081)
Vulnerability from cvelistv5 – Published: 2024-11-06 14:33 – Updated: 2024-11-06 15:01 X_Open Source
VLAI
Summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.
This issue affects CodeChecker: through 6.24.1.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/Ericsson/codechecker/security/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ericsson | CodeChecker |
Affected:
0 , ≤ 6.24.1
(python)
|
|
| ericsson | codechecker |
Affected:
0 , ≤ 6.24.1
(custom)
cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "codechecker",
"vendor": "ericsson",
"versions": [
{
"lessThanOrEqual": "6.24.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:00:25.469782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:01:01.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeChecker",
"vendor": "Ericsson",
"versions": [
{
"lessThanOrEqual": "6.24.1",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \u003c/span\u003e\u003cbr\u003e\u003cp\u003eAuthentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll endpoints, apart from the /Authentication is affected by the vulnerability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects CodeChecker: through 6.24.1.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.\n\nThis issue affects CodeChecker: through 6.24.1."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:33:52.497Z",
"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"shortName": "ERIC"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q"
}
],
"source": {
"discovery": "INTERNAL"
},
"tags": [
"x_open-source"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"assignerShortName": "ERIC",
"cveId": "CVE-2024-10081",
"datePublished": "2024-11-06T14:33:52.497Z",
"dateReserved": "2024-10-17T12:36:50.519Z",
"dateUpdated": "2024-11-06T15:01:01.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4444 (GCVE-0-2024-4444)
Vulnerability from cvelistv5 – Published: 2024-05-10 08:32 – Updated: 2026-04-08 17:21
VLAI
Title
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration
Summary
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses |
Affected:
0 , ≤ 4.2.6.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T14:03:15.355608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:09.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://inky-knuckle-2c2.notion.site/Improper-Authentication-in-checkout-leads-privilege-escalation-of-unauthenticated-to-create-accoun-09da24a043884219a891dd1a0fc01af6"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/class-lp-checkout.php#L79"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3082204/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses",
"vendor": "thimpress",
"versions": [
{
"lessThanOrEqual": "4.2.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AmrAwad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the \u0027create_account\u0027 function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:21:59.484Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=cve"
},
{
"url": "https://inky-knuckle-2c2.notion.site/Improper-Authentication-in-checkout-leads-privilege-escalation-of-unauthenticated-to-create-accoun-09da24a043884219a891dd1a0fc01af6"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/class-lp-checkout.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3082204/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-09T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "LearnPress \u2013 WordPress LMS Plugin \u003c= 4.2.6.5 - Unauthenticated Bypass to User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4444",
"datePublished": "2024-05-10T08:32:34.579Z",
"dateReserved": "2024-05-02T18:56:00.932Z",
"dateUpdated": "2026-04-08T17:21:59.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6099 (GCVE-0-2024-6099)
Vulnerability from cvelistv5 – Published: 2024-07-02 11:01 – Updated: 2026-04-08 17:03
VLAI
Title
LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration
Summary
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses |
Affected:
0 , ≤ 4.2.6.8.1
(semver)
|
|
| thimpress | learnpress |
Affected:
0 , ≤ 4.2.6.8.1
(custom)
cpe:2.3:a:thimpress:learnpress:-:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thimpress:learnpress:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "learnpress",
"vendor": "thimpress",
"versions": [
{
"lessThanOrEqual": "4.2.6.8.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T14:05:58.827430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T14:08:59.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3109339/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses",
"vendor": "thimpress",
"versions": [
{
"lessThanOrEqual": "4.2.6.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khayal Farzaliyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the \u0027check_validate_fields\u0027 function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:03:16.963Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3109339/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "LearnPress \u2013 WordPress LMS Plugin \u003c= 4.2.6.8.1 - Unauthenticated Bypass to User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6099",
"datePublished": "2024-07-02T11:01:35.868Z",
"dateReserved": "2024-06-17T21:41:27.658Z",
"dateUpdated": "2026-04-08T17:03:16.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6242 (GCVE-0-2024-6242)
Vulnerability from cvelistv5 – Published: 2024-08-01 15:15 – Updated: 2025-09-25 13:34
VLAI
Title
Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices
Summary
A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a ControlLogix® controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
1 reference
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ControlLogix® 5580 (1756-L8z) |
Affected:
V28
|
|
| Rockwell Automation | GuardLogix® 5580 (1756-L8zS) |
Affected:
V31
|
|
| Rockwell Automation | 1756-EN4TR |
Affected:
V2
|
|
| Rockwell Automation | 1756-EN2T |
Affected:
v5.007(unsigned)/v5.027(signed)
|
|
| Rockwell Automation | 1756-EN2F |
Affected:
v5.007(unsigned)/v5.027(signed)
|
|
| Rockwell Automation | 1756-EN2TR |
Affected:
v5.007(unsigned)/v5.027(signed)
|
|
| Rockwell Automation | 1756-EN3TR |
Affected:
v5.007(unsigned)/v5.027(signed)
|
|
| Rockwell Automation | 1756-EN2T |
Affected:
1756-EN2T/D: V10.006
|
|
| Rockwell Automation | 1756-EN2F |
Affected:
1756-EN2F/C: V10.009
|
|
| Rockwell Automation | 1756-EN2TR |
Affected:
1756-EN2TR/C: V10.007
|
|
| Rockwell Automation | 1756-EN3TR |
Affected:
1756-EN3TR/B: V10.007
|
|
| Rockwell Automation | 1756-EN2TP |
Affected:
1756-EN2TP/A: V10.020
|
Date Public
2024-08-01 13:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T13:34:35.364759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T13:34:40.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ControlLogix\u00ae 5580 (1756-L8z)",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V28"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GuardLogix\u00ae 5580 (1756-L8zS)",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V31"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN4TR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V2"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series A/B/C"
],
"product": "1756-EN2T",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v5.007(unsigned)/v5.027(signed)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series A/B"
],
"product": "1756-EN2F",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v5.007(unsigned)/v5.027(signed)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series A/B"
],
"product": "1756-EN2TR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v5.007(unsigned)/v5.027(signed)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series B"
],
"product": "1756-EN3TR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v5.007(unsigned)/v5.027(signed)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series D"
],
"product": "1756-EN2T",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1756-EN2T/D: V10.006"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN2F",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1756-EN2F/C: V10.009"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series C"
],
"product": "1756-EN2TR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1756-EN2TR/C: V10.007"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series B"
],
"product": "1756-EN3TR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1756-EN3TR/B: V10.007"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Series A"
],
"product": "1756-EN2TP",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1756-EN2TP/A: V10.020"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Claroty reported this vulnerability."
}
],
"datePublic": "2024-08-01T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. \u0026nbsp;\u003c/span\u003e"
}
],
"value": "A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420: Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:15:32.220Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html"
}
],
"source": {
"advisory": "SD1682",
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Product \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFirst Known in Firmware Revision \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eCorrected in Firmware Revision \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eControlLogix\u00ae 5580 (1756-L8z) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV28 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV32.016, V33.015, V34.014, \u0026nbsp;\u003cbr\u003eV35.011 and later \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eGuardLogix\u00ae 5580 (1756-L8zS) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV31 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV32.016, V33.015, V34.014, \u0026nbsp;\u003cbr\u003eV35.011 and later \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN4TR \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV2 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV5.001 and later \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2T, Series A/B/C \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2F, Series A/B \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TR, Series A/B \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN3TR, Series B \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003ev5.007(unsigned)/v5.027(signed) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2T, Series D \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2F, Series C \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TR, Series C \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN3TR, Series B \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TP, Series A \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2T/D: V10.006 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2F/C: V10.009 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TR/C: V10.007 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN3TR/B: V10.007 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e1756-EN2TP/A: V10.020 \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eV12.001 and later \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f\u003c/span\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eLimit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Affected Product \n\n\n\n\n\nFirst Known in Firmware Revision \n\n\n\n\n\nCorrected in Firmware Revision \n\n\n\n\n\nControlLogix\u00ae 5580 (1756-L8z) \n\n\n\n\n\nV28 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\u00a0\n\n\n\n\n\nGuardLogix\u00ae 5580 (1756-L8zS) \n\n\n\n\n\nV31 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\n\n1756-EN4TR \n\n\n\n\n\nV2 \n\n\n\n\n\nV5.001 and later \n\n\n\n\n\n1756-EN2T, Series A/B/C \n\n\n\n1756-EN2F, Series A/B \n\n\n\n1756-EN2TR, Series A/B \n\n\n\n1756-EN3TR, Series B \n\n\n\n\n\nv5.007(unsigned)/v5.027(signed) \n\n\n\n\n\nNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \n\n\n\n\n\n1756-EN2T, Series D \n\n\n\n1756-EN2F, Series C \n\n\n\n1756-EN2TR, Series C \n\n\n\n1756-EN3TR, Series B \n\n\n\n1756-EN2TP, Series A \n\n\n\n\n\n1756-EN2T/D: V10.006 \n\n\n\n1756-EN2F/C: V10.009 \n\n\n\n1756-EN2TR/C: V10.007 \n\n\n\n1756-EN3TR/B: V10.007 \n\n\n\n1756-EN2TP/A: V10.020 \n\n\n\n\n\nV12.001 and later \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f\u202f\u00a0\n\n\n\n * Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \n\n\n\n\n\n\n\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-6242",
"datePublished": "2024-08-01T15:15:32.220Z",
"dateReserved": "2024-06-21T12:21:00.689Z",
"dateUpdated": "2025-09-25T13:34:40.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8038 (GCVE-0-2024-8038)
Vulnerability from cvelistv5 – Published: 2024-10-02 10:12 – Updated: 2024-10-02 13:53
VLAI
Summary
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
Severity
7.9 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/juju/juju/security/advisories/… | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-8038 | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | Juju |
Affected:
3.5 , < 3.5.4
(semver)
Affected: 3.4 , < 3.4.6 (semver) Affected: 3.3 , < 3.3.7 (semver) Affected: 3.1 , < 3.1.10 (semver) Affected: 2.9 , < 2.9.51 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:52:58.112532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:53:24.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:12:38.806Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8038"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-8038",
"datePublished": "2024-10-02T10:12:38.806Z",
"dateReserved": "2024-08-21T01:05:01.458Z",
"dateUpdated": "2024-10-02T13:53:24.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1095 (GCVE-0-2025-1095)
Vulnerability from cvelistv5 – Published: 2025-04-08 15:11 – Updated: 2026-02-26 18:28
VLAI
Title
IBM Personal Communications command execution
Summary
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7230335 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Personal Communications |
Affected:
v14
Affected: v15 cpe:2.3:a:ibm:personal_communications:14.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:personal_communications:15.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T04:00:53.807291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:38.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:personal_communications:14.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:personal_communications:15.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Personal Communications",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "v14"
},
{
"status": "affected",
"version": "v15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.\u003c/span\u003e"
}
],
"value": "IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:29:18.930Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7230335"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Personal Communications command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1095",
"datePublished": "2025-04-08T15:11:16.272Z",
"dateReserved": "2025-02-06T21:21:05.157Z",
"dateUpdated": "2026-02-26T18:28:38.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13315 (GCVE-0-2025-13315)
Vulnerability from cvelistv5 – Published: 2025-11-19 17:41 – Updated: 2025-11-19 18:20
VLAI
Title
Unauthenticated log access in Twonky Server
Summary
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lynxtechnology | Twonky Server |
Affected:
8.5.2
|
Date Public
2025-11-19 17:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:20:43.773440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:20:50.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Twonky Server",
"vendor": "Lynxtechnology",
"versions": [
{
"status": "affected",
"version": "8.5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryan Emmons, Staff Security Researcher at Rapid7"
}
],
"datePublic": "2025-11-19T17:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator\u0027s username and encrypted password."
}
],
"value": "Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator\u0027s username and encrypted password."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420: Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T17:41:36.996Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthenticated log access in Twonky Server",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-13315",
"datePublished": "2025-11-19T17:41:36.996Z",
"dateReserved": "2025-11-17T15:07:40.828Z",
"dateUpdated": "2025-11-19T18:20:50.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41727 (GCVE-0-2025-41727)
Vulnerability from cvelistv5 – Published: 2026-01-27 11:36 – Updated: 2026-01-27 13:53
VLAI
Title
Beckhoff: Performing privileged operations and gaining administrator access
Summary
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Beckhoff Automation | Beckhoff.Device.Manager.XAR |
Affected:
0.0.0 , < 2.5.3
(semver)
|
|
| Beckhoff Automation | MDP software package for TwinCAT/BSD |
Affected:
0.0.0 , < 1.7.0.0
(semver)
|
|
| Beckhoff Automation | MDP for Beckhoff RT Linux(R) |
Affected:
0.0.0 , < 0.0.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T13:52:11.980827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T13:53:55.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Beckhoff.Device.Manager.XAR",
"vendor": "Beckhoff Automation",
"versions": [
{
"lessThan": "2.5.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MDP software package for TwinCAT/BSD",
"vendor": "Beckhoff Automation",
"versions": [
{
"lessThan": "1.7.0.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MDP for Beckhoff RT Linux(R)",
"vendor": "Beckhoff Automation",
"versions": [
{
"lessThan": "0.0.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Giubertoni from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.\u003cbr\u003e"
}
],
"value": "A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T11:36:54.619Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-092"
}
],
"source": {
"advisory": "VDE-2025-092",
"defect": [
"CERT@VDE#641867"
],
"discovery": "UNKNOWN"
},
"title": "Beckhoff: Performing privileged operations and gaining administrator access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41727",
"datePublished": "2026-01-27T11:36:54.619Z",
"dateReserved": "2025-04-16T11:17:48.318Z",
"dateUpdated": "2026-01-27T13:53:55.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Identify all alternate channels and use the same protection mechanisms that are used for the primary channels.
No CAPEC attack patterns related to this CWE.