CVE-2024-10438 (GCVE-0-2024-10438)

Vulnerability from cvelistv5 – Published: 2024-10-28 02:46 – Updated: 2024-10-28 12:52
VLAI?
Title
Sunnet eHRD CTMS - Authentication Bypass
Summary
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Sunnet eHRD CTMS Affected: 0 , < 10.14 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sunnet:ehrd_ctms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ehrd_ctms",
            "vendor": "sunnet",
            "versions": [
              {
                "lessThan": "10.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10438",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T12:51:18.202264Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T12:52:28.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "eHRD CTMS",
          "vendor": "Sunnet",
          "versions": [
            {
              "lessThan": "10.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-10-28T02:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u0026nbsp; The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities."
            }
          ],
          "value": "The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-28T02:46:33.258Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u0026nbsp; Please contact Sunnet for version updates or upgrades."
            }
          ],
          "value": "Please contact Sunnet for version updates or upgrades."
        }
      ],
      "source": {
        "advisory": "TVN-202410021",
        "discovery": "EXTERNAL"
      },
      "title": "Sunnet eHRD CTMS - Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-10438",
    "datePublished": "2024-10-28T02:46:33.258Z",
    "dateReserved": "2024-10-28T02:02:16.992Z",
    "dateUpdated": "2024-10-28T12:52:28.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun.net:ehdr_ctms:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.14\", \"matchCriteriaId\": \"A786BFD6-9D10-4A78-8CCB-F9BE63987831\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.\"}, {\"lang\": \"es\", \"value\": \"El eHRD CTMS de Sunnet tiene una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n, que permite a atacantes remotos no autenticados omitir la autenticaci\\u00f3n al satisfacer condiciones espec\\u00edficas para acceder a ciertas funcionalidades.\"}]",
      "id": "CVE-2024-10438",
      "lastModified": "2024-10-31T00:52:18.370",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-10-28T03:15:02.423",
      "references": "[{\"url\": \"https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "twcert@cert.org.tw",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"twcert@cert.org.tw\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-10438\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2024-10-28T03:15:02.423\",\"lastModified\":\"2025-09-25T14:13:08.880\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.\"},{\"lang\":\"es\",\"value\":\"El eHRD CTMS de Sunnet tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, que permite a atacantes remotos no autenticados omitir la autenticaci\u00f3n al satisfacer condiciones espec\u00edficas para acceder a ciertas funcionalidades.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun.net:ehrd_ctms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.14\",\"matchCriteriaId\":\"F4860D33-9942-415C-BC6F-07CD6F677511\"}]}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-10438\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-28T12:51:18.202264Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sunnet:ehrd_ctms:*:*:*:*:*:*:*:*\"], \"vendor\": \"sunnet\", \"product\": \"ehrd_ctms\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.14\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-28T12:52:21.855Z\"}}], \"cna\": {\"title\": \"Sunnet eHRD CTMS - Authentication Bypass\", \"source\": {\"advisory\": \"TVN-202410021\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Sunnet\", \"product\": \"eHRD CTMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.14\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please contact Sunnet for version updates or upgrades.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u0026nbsp; Please contact Sunnet for version updates or upgrades.\", \"base64\": false}]}], \"datePublic\": \"2024-10-28T02:44:00.000Z\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u0026nbsp; The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"CWE-288 Authentication Bypass Using an Alternate Path or Channel\"}]}], \"providerMetadata\": {\"orgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"shortName\": \"twcert\", \"dateUpdated\": \"2024-10-28T02:46:33.258Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-10438\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-28T12:52:28.130Z\", \"dateReserved\": \"2024-10-28T02:02:16.992Z\", \"assignerOrgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"datePublished\": \"2024-10-28T02:46:33.258Z\", \"assignerShortName\": \"twcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.