CVE-2024-31200

July 31, 2024, 2:15 p.m.

4.2
Medium

Description

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

Product(s) Impacted

Product Versions
UNKNOWN

Weaknesses

CWE-201
Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200

Tags

prodsec@nozominetworks.com
CWE-201
2024-07-31
CVE-2024-31200

CVSS Score

4.2 / 10

CVSS Data

  • Attack Vector: PHYSICAL
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Date

  • Published: July 31, 2024, 2:15 p.m.
  • Last Modified: July 31, 2024, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

prodsec@nozominetworks.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.