Lucene search

[email protected]NVD:CVE-2024-3082

HistoryJul 31, 2024 - 2:15 p.m.

CVE-2024-3082

2024-07-3114:15:07

CWE-256

CWE-522

[email protected]

web.nvd.nist.gov

cve-2024-3082

administrative account

physical access

cleartext

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.2%

JSON

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext.

Affected configurations

Nvd

Node

progessensor_net_connect_firmware_v2Match2.24

AND

progessensor_net_connect_v2Match-

VendorProductVersionCPE
progessensor_net_connect_firmware_v22.24cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*
progessensor_net_connect_v2-cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proges	sensor_net_connect_firmware_v2	2.24	cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:::::::*
proges	sensor_net_connect_v2	-	cpe:2.3:h:proges:sensor_net_connect_v2:-:::::::*

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3082

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.2%

JSON

Related for NVD:CVE-2024-3082

cve1 vulnrichment1 cvelist1