CVE-2024-49399

Oct. 18, 2024, 12:52 p.m.

Tags

ics-cert@hq.dhs.gov
CWE-306
2024-10-17
CVE-2024-49399

Product(s) Impacted

UNKNOWN

Description

The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.

Weaknesses

CWE-306
Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE ID: 306

Date

Published: Oct. 17, 2024, 5:15 p.m.

Last Modified: Oct. 18, 2024, 12:52 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ics-cert@hq.dhs.gov

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01
ics-cert@hq.dhs.gov