CVE-2024-41270

EPSS 0.06%
Published 06.08.2024 21:16:03
Last modified 12.08.2024 18:25:28
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Appleboy ≫ Gorush SwPlatformgo Version <= 1.18.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.203

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-41270

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41270

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41270

EUVD