CVE-2024-7746

EPSS 0.25%
Veröffentlicht 13.08.2024 16:15:09
Zuletzt bearbeitet 22.08.2024 14:40:44
Quelle cve@asrg.io
CVE-Watchlists
Login
Unerledigt
Login

Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. 
These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Traccar ≫ Traccar Version >= 2.12 <= 6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.481

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@asrg.io	9.5	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://asrg.io/security-advisories/cve-2024-7746/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7746

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7746