9.8

CVE-2024-2413

EPSS 0.57%
Veröffentlicht 13.03.2024 03:15:06
Zuletzt bearbeitet 17.03.2026 19:01:25
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

Intumit SmartRobot - Use of Hard-coded Cryptographic Key

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intumit ≫ Smartrobot Version < 6.2.0-202303TW

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2413

EUVD