5.3

CVE-2024-45165

EPSS 0.02%
Veröffentlicht 22.08.2024 04:15:22
Zuletzt bearbeitet 03.09.2025 19:43:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uci ≫ Idol2 Version <= 2.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.syss.de/en/responsible-disclosure-policy

Issue Tracking

http://download.uci.de/idol2/idol2Client_2_12.exe

Broken Link

https://uci.de/download/idol2-client.html

Product

Release Notes

https://uci.de/products/index.html

Product

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-048.txt

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45165

EUVD