Lucene search

NozomiCVELIST:CVE-2024-31200

HistoryJul 31, 2024 - 1:16 p.m.

CVE-2024-31200

2024-07-3113:16:57

CWE-201

Nozomi

www.cve.org

cwe-201

sensitive information insertion

physical access

cleartext password

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.2%

JSON

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Sensor Net Connect V2",
    "vendor": "Plug&Track",
    "versions": [
      {
        "status": "affected",
        "version": "2.24",
        "versionType": "semver"
      }
    ]
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.2%

JSON

Related for CVELIST:CVE-2024-31200