CVE-2024-10381

EPSS 1.14%
Veröffentlicht 25.10.2024 13:15:17
Zuletzt bearbeitet 14.11.2024 21:44:53
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device.

Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Matrixcomsec ≫ Cosec Vega Faxq Firmware Version < v2r17

Matrixcomsec ≫ Cosec Vega Faxq Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.14%	0.779

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vdisclose@cert-in.org.in	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-10381

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10381

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10381

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10381