CVE-2024-7392

EPSS 0.04%
Veröffentlicht 22.11.2024 22:15:18
Zuletzt bearbeitet 03.12.2024 22:17:52
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the connection handling of the Bluetooth Low Energy interface. The issue results from limiting the number of active connections to the product. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21455.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chargepoint ≫ Home Flex Firmware Version5.5.3.13

Chargepoint ≫ Home Flex Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
zdi-disclosures@trendmicro.com	4.3	2.8	1.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-410 Insufficient Resource Pool

The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.

https://www.zerodayinitiative.com/advisories/ZDI-24-1047/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7392

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7392