Lucene search

NozomiVULNRICHMENT:CVE-2024-31200

HistoryJul 31, 2024 - 1:16 p.m.

CVE-2024-31200

2024-07-3113:16:57

CWE-201

Nozomi

github.com

cwe-201 sensitive information administrative session

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

21.2%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

CNA Affected

[
  {
    "vendor": "Plug&Track",
    "product": "Sensor Net Connect V2",
    "versions": [
      {
        "status": "affected",
        "version": "2.24",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

21.2%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-31200