Today > | 16 High | 14 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-50380

Dec. 2, 2024, 5:15 p.m.

Tags

ics-cert@hq.dhs.gov
CWE-290
2024-12-02
CVE-2024-50380

Product(s) Impacted

Snap One OVRC cloud

Description

Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.

Weaknesses

CWE-290
Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

CWE ID: 290

Date

Published: Dec. 2, 2024, 5:15 p.m.

Last Modified: Dec. 2, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ics-cert@hq.dhs.gov

References

https://www.cisa.gov/ ics-cert@hq.dhs.gov