9.8
CVE-2024-39375
- EPSS 0.57%
- Published 27.06.2024 16:15:11
- Last modified 21.11.2024 09:27:33
- Source ics-cert@hq.dhs.gov
Use of Client-Side Authentication in TELSAT marKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges.
Data provided by the National Vulnerability Database (NVD)
Markoni ≫ Markoni-d (compact) Firmware Version < 2.0.1
Markoni ≫ Markoni-dh (exciter+amplifiers) Firmware Version < 2.0.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.425 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ics-cert@hq.dhs.gov | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-603 Use of Client-Side Authentication
A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01