Lucene search

NozomiCVELIST:CVE-2024-3082

HistoryJul 31, 2024 - 1:14 p.m.

CVE-2024-3082

2024-07-3113:14:32

CWE-256

Nozomi

www.cve.org

cwe-256

plaintext storage

administrative account

physical access

cleartext

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.2%

JSON

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Sensor Net Connect V2",
    "vendor": "Plug&Track",
    "versions": [
      {
        "status": "affected",
        "version": "2.24",
        "versionType": "semver"
      }
    ]
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3082

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.2%

JSON

Related for CVELIST:CVE-2024-3082