Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

CVE-2024-5322 (GCVE-0-2024-5322)

Vulnerability from cvelistv5 – Published: 2024-07-01 20:46 – Updated: 2024-08-01 21:11
VLAI
Title
N-central Authentication Bypass via Session Rebinding
Summary
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
N-able N-central Affected: <2024.3 (custom)
Create a notification for this product.
n-able n-central Affected: 0 , < 2024.3 (custom)
    cpe:2.3:a:n-able:n-central:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:n-able:n-central:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "n-central",
            "vendor": "n-able",
            "versions": [
              {
                "lessThan": "2024.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T14:10:57.247230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T19:54:25.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:11:12.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.3%20Release%20Notes.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://me.n-able.com/s/security-advisory/aArVy0000000BgDKAU/cve20245322-ncentral-authentication-bypass-via-session-rebinding"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "N-central",
          "vendor": "N-able",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c2024.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.\u003cbr\u003e \u003cbr\u003eThis vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.\n \nThis vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T20:46:40.163Z",
        "orgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b",
        "shortName": "N-able"
      },
      "references": [
        {
          "url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.3%20Release%20Notes.htm"
        },
        {
          "url": "https://me.n-able.com/s/security-advisory/aArVy0000000BgDKAU/cve20245322-ncentral-authentication-bypass-via-session-rebinding"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to N-central version 2024.3 or higher\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to N-central version 2024.3 or higher"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "N-central Authentication Bypass via Session Rebinding",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b",
    "assignerShortName": "N-able",
    "cveId": "CVE-2024-5322",
    "datePublished": "2024-07-01T20:46:40.163Z",
    "dateReserved": "2024-05-24T15:18:38.210Z",
    "dateUpdated": "2024-08-01T21:11:12.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5204 (GCVE-0-2024-5204)

Vulnerability from cvelistv5 – Published: 2024-05-29 02:00 – Updated: 2026-04-08 17:13
VLAI
Title
Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass
Summary
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and above permissions to log in as any existing user on the site, such as an administrator.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
wpmessiah Swiss Toolkit For WP Affected: 0 , ≤ 1.0.7 (semver)
Create a notification for this product.
boomdevs swiss_toolkit Affected: 0 , ≤ 1.0.7 (semver)
    cpe:2.3:a:boomdevs:swiss_toolkit:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:boomdevs:swiss_toolkit:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "swiss_toolkit",
            "vendor": "boomdevs",
            "versions": [
              {
                "lessThanOrEqual": "1.0.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5204",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T14:55:33.944556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:02:11.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8526106-847a-420f-9275-f759a8dd4dfb?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-generate-login-url.php?rev=3077000#L50"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3091913/swiss-toolkit-for-wp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Swiss Toolkit For WP",
          "vendor": "wpmessiah",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and above permissions to log in as any existing user on the site, such as an administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:13:51.659Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8526106-847a-420f-9275-f759a8dd4dfb?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-generate-login-url.php?rev=3077000#L50"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3091913/swiss-toolkit-for-wp"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-22T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-05-22T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-05-28T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Swiss Toolkit For WP \u003c= 1.0.7 - Authenticated (Contributor+) Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-5204",
    "datePublished": "2024-05-29T02:00:35.975Z",
    "dateReserved": "2024-05-22T15:35:54.927Z",
    "dateUpdated": "2026-04-08T17:13:51.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-5150 (GCVE-0-2024-5150)

Vulnerability from cvelistv5 – Published: 2024-05-29 02:00 – Updated: 2026-04-08 17:24
VLAI
Title
Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check
Summary
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value is empty, and the not empty check is missing in the 'lwp_ajax_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to not work, and this issue is fixed in version 1.7.27.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:26:09.785620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T18:26:30.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OTP Login With Phone Number, OTP Verification",
          "vendor": "glboy",
          "versions": [
            {
              "lessThanOrEqual": "1.7.26",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the \u0027activation_code\u0027 default value is empty, and the not empty check is missing in the \u0027lwp_ajax_register\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to not work, and this issue is fixed in version 1.7.27."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:24:37.444Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-20T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-05-20T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-05-28T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Login with phone number \u003c= 1.7.26 - Authentication Bypass due to Missing Empty Value Check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-5150",
    "datePublished": "2024-05-29T02:00:37.242Z",
    "dateReserved": "2024-05-20T18:19:48.464Z",
    "dateUpdated": "2026-04-08T17:24:37.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4552 (GCVE-0-2024-4552)

Vulnerability from cvelistv5 – Published: 2024-06-04 02:00 – Updated: 2026-04-08 17:34
VLAI
Title
Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
Summary
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
phoeniixx Social Login Lite For WooCommerce Affected: 0 , ≤ 1.6.0 (semver)
Create a notification for this product.
phoeniixx social_login_lite_for_woocommerce Affected: 0 , ≤ 1.6.0 (custom)
    cpe:2.3:a:phoeniixx:social_login_lite_for_woocommerce:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:phoeniixx:social_login_lite_for_woocommerce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "social_login_lite_for_woocommerce",
            "vendor": "phoeniixx",
            "versions": [
              {
                "lessThanOrEqual": "1.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4552",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T17:31:08.946932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T17:36:17.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:40.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/social-login-lite-for-woocommerce/tags/1.6.0/woocommerce_social_login.php#L499"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Social Login Lite For WooCommerce",
          "vendor": "phoeniixx",
          "versions": [
            {
              "lessThanOrEqual": "1.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:34:07.339Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/social-login-lite-for-woocommerce/tags/1.6.0/woocommerce_social_login.php#L499"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-06T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-06-03T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Social Login Lite For WooCommerce \u003c= 1.6.0 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4552",
    "datePublished": "2024-06-04T02:00:56.379Z",
    "dateReserved": "2024-05-06T16:53:27.321Z",
    "dateUpdated": "2026-04-08T17:34:07.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4544 (GCVE-0-2024-4544)

Vulnerability from cvelistv5 – Published: 2024-05-24 03:30 – Updated: 2026-04-08 17:18
VLAI
Title
Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass
Summary
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:39.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b98179c3-8b32-4d75-9f3f-2367215a740b?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.3/pie-register.php#L2959"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4544",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T17:18:03.397955Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T14:59:35.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pie Register - Social Sites Login (Add on)",
          "vendor": "Genetech Solutions",
          "versions": [
            {
              "lessThanOrEqual": "1.7.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:18:03.165Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b98179c3-8b32-4d75-9f3f-2367215a740b?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.3/pie-register.php#L2959"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-06T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-05-06T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-05-23T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Pie Register - Social Sites Login (Add on) \u003c= 1.7.7 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4544",
    "datePublished": "2024-05-24T03:30:34.564Z",
    "dateReserved": "2024-05-06T13:08:54.461Z",
    "dateUpdated": "2026-04-08T17:18:03.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4393 (GCVE-0-2024-4393)

Vulnerability from cvelistv5 – Published: 2024-05-08 03:02 – Updated: 2026-04-08 16:43
VLAI
Title
Social Connect <= 1.2 - Authentication Bypass
Summary
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
thenbrent Social Connect Affected: 0 , ≤ 1.2 (semver)
Create a notification for this product.
thenbrent social_connect_plugin Affected: 0 , ≤ 1.2 (custom)
    cpe:2.3:a:thenbrent:social_connect_plugin:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:thenbrent:social_connect_plugin:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "social_connect_plugin",
            "vendor": "thenbrent",
            "versions": [
              {
                "lessThanOrEqual": "1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T14:28:26.408350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T19:49:27.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:47.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/social-connect/tags/1.2/openid/openid.php#L575"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Social Connect",
          "vendor": "thenbrent",
          "versions": [
            {
              "lessThanOrEqual": "1.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:43:08.845Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/social-connect/tags/1.2/openid/openid.php#L575"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-01T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-05-07T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Social Connect \u003c= 1.2 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4393",
    "datePublished": "2024-05-08T03:02:42.014Z",
    "dateReserved": "2024-05-01T16:02:35.514Z",
    "dateUpdated": "2026-04-08T16:43:08.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4186 (GCVE-0-2024-4186)

Vulnerability from cvelistv5 – Published: 2024-05-07 05:32 – Updated: 2026-04-08 16:58
VLAI
Title
Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check
Summary
The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4186",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T18:33:50.548528Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:55:56.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:52.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/edwiser-bridge/tags/3.0.4/includes/class-eb-user-manager.php#L1571"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3081961/edwiser-bridge#file1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Edwiser Bridge \u2013 WordPress Moodle Integration",
          "vendor": "wisdmlabs",
          "versions": [
            {
              "lessThanOrEqual": "3.0.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the \u0027eb_user_email_verification_key\u0027 default value is empty, and the not empty check is missing in the \u0027eb_user_email_verify\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the \u0027Email Verification\u0027 setting is enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:58:38.790Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/edwiser-bridge/tags/3.0.4/includes/class-eb-user-manager.php#L1571"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3081961/edwiser-bridge#file1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-25T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-04-25T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-05-06T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Edwiser Bridge \u003c= 3.0.5 - Authentication Bypass due to Missing Empty Value Check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4186",
    "datePublished": "2024-05-07T05:32:58.532Z",
    "dateReserved": "2024-04-25T14:30:11.072Z",
    "dateUpdated": "2026-04-08T16:58:38.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-3496 (GCVE-0-2024-3496)

Vulnerability from cvelistv5 – Published: 2024-06-14 04:13 – Updated: 2024-08-19 12:45
VLAI
Title
Authentication Bypass Vulnerability
Summary
Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Toshiba Tec Corporation Toshiba Tec e-Studio multi-function peripheral (MFP) Affected: see the reference URL
Create a notification for this product.
toshibatec e-studio-2525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3025_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3028-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2521_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2020_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2520_nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2021_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6526-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-9029-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-330-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-400-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2010-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2110-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2510-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2610-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3115-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4515_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4615_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5015_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5115_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2518_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2618_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-14 02:00
Credits
We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:07.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/20240531_01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3025_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3028-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2521_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2020_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2520_nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2021_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6526-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-9029-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-330-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-400-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2010-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2110-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2510-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2610-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3115-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4515_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4615_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5015_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5115_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2518_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2618_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3496",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T12:45:03.854761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T12:45:16.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the reference URL"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If user authentication is disabled.\u003cbr\u003e"
            }
          ],
          "value": "If user authentication is disabled."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products."
        }
      ],
      "datePublic": "2024-06-14T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Attackers can bypass the web login authentication process to gain access to the printer\u0027s system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL."
            }
          ],
          "value": "Attackers can bypass the web login authentication process to gain access to the printer\u0027s system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We are not aware of any malicious exploitation by these vulnerabilities.\u003cbr\u003e"
            }
          ],
          "value": "We are not aware of any malicious exploitation by these vulnerabilities."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T04:13:22.003Z",
        "orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
        "shortName": "Toshiba"
      },
      "references": [
        {
          "url": "https://www.toshibatec.com/information/20240531_01.html"
        },
        {
          "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-14T02:00:00.000Z",
          "value": "Fixes will be released"
        }
      ],
      "title": "Authentication Bypass Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.\u003cbr\u003e"
            }
          ],
          "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
    "assignerShortName": "Toshiba",
    "cveId": "CVE-2024-3496",
    "datePublished": "2024-06-14T04:13:22.003Z",
    "dateReserved": "2024-04-09T00:59:33.888Z",
    "dateUpdated": "2024-08-19T12:45:16.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2973 (GCVE-0-2024-2973)

Vulnerability from cvelistv5 – Published: 2024-06-27 20:17 – Updated: 2024-08-01 19:32
VLAI
Title
Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed
Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts. Session Smart Conductor:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts.  WAN Assurance Router:  * 6.0 versions before 6.1.9-lts,  * 6.2 versions before 6.2.5-sts.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Juniper Networks Session Smart Router Affected: 0 , < 5.6.15 (semver)
Affected: 6.0 , < 6.1.9-lts (semver)
Affected: 6.2 , < 6.2.5-sts (semver)
Create a notification for this product.
Juniper Networks Session Smart Conductor Affected: 0 , < 5.6.15 (semver)
Affected: 6.0 , < 6.1.9-lts (semver)
Affected: 6.2 , < 6.2.5-sts (semver)
Create a notification for this product.
Juniper Networks WAN Assurance Router Affected: 6.0 , < 6.1.9-lts (semver)
Affected: 6.2 , < 6.2.5-sts (semver)
Create a notification for this product.
juniper session_smart_conductor Affected: 0 , < 5.6.15 (custom)
Affected: 6.0 , < 6.1.9-lts (custom)
Affected: 6.2 , < 6.2.5-sts (custom)
    cpe:2.3:h:juniper:session_smart_conductor:*:*:*:*:*:*:*:*
Create a notification for this product.
juniper wan_assurance_router Affected: 6.0 , < 6.1.9-lts (custom)
Affected: 6.2 , < 6.2.5-sts (custom)
    cpe:2.3:h:juniper:wan_assurance_router:6.0:*:*:*:*:*:*:*
Create a notification for this product.
juniper session_smart_router Affected: 0 , < 5.6.15 (custom)
Affected: 6.0 , < 6.1.9-lts (custom)
Affected: 6.2 , < 6.2.5-sts (custom)
    cpe:2.3:h:juniper:session_smart_router:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-27 19:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:juniper:session_smart_conductor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "session_smart_conductor",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "5.6.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.1.9-lts",
                "status": "affected",
                "version": "6.0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.2.5-sts",
                "status": "affected",
                "version": "6.2",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:juniper:wan_assurance_router:6.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wan_assurance_router",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "6.1.9-lts",
                "status": "affected",
                "version": "6.0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.2.5-sts",
                "status": "affected",
                "version": "6.2",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:juniper:session_smart_router:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "session_smart_router",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "5.6.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.1.9-lts",
                "status": "affected",
                "version": "6.0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.2.5-sts",
                "status": "affected",
                "version": "6.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T03:55:38.720Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA83126"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://support.juniper.net/support/eol/software/ssr/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Session Smart Router",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "5.6.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.9-lts",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.2.5-sts",
              "status": "affected",
              "version": "6.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Session Smart Conductor",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "5.6.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.9-lts",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.2.5-sts",
              "status": "affected",
              "version": "6.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WAN Assurance Router",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "6.1.9-lts",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.2.5-sts",
              "status": "affected",
              "version": "6.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-27T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.\u003cbr\u003e\u003cp\u003e\u003cb\u003eOnly routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.\u003c/b\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eNo other Juniper Networks products or platforms are affected by this issue.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eSession Smart Router:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 5.6.15,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.0 before 6.1.9-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.2 before 6.2.5-sts.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eSession Smart Conductor:\u0026nbsp;\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 5.6.15,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.0 before 6.1.9-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.2 before 6.2.5-sts.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eWAN Assurance Router:\u0026nbsp;\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e6.0 versions before 6.1.9-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003e6.2 versions before 6.2.5-sts.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.\nOnly routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.\n\n\n\n\nNo other Juniper Networks products or platforms are affected by this issue.\n\n\n\n\n\nThis issue affects:\n\nSession Smart Router:\u00a0\n\n\n\n  *  All versions before 5.6.15,\u00a0\n  *  from 6.0 before 6.1.9-lts,\u00a0\n  *  from 6.2 before 6.2.5-sts.\n\n\n\nSession Smart Conductor:\u00a0\n\n\n\n  *  All versions before 5.6.15,\u00a0\n  *  from 6.0 before 6.1.9-lts,\u00a0\n  *  from 6.2 before 6.2.5-sts.\u00a0\n\n\n\nWAN Assurance Router:\u00a0\n\n\n\n  *  6.0 versions before 6.1.9-lts,\u00a0\n  *  6.2 versions before 6.2.5-sts."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T20:25:06.777Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA83126"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://support.juniper.net/support/eol/software/ssr/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this issue:\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eSession Smart Router:\u003c/strong\u003e SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases. \u003c/p\u003e\u003cp\u003e\u003cbr\u003eIt is suggested to upgrade all affected systems to these versions of software. In a Conductor-managed deployment, it is sufficient to upgrade the Conductor nodes only and the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis vulnerability has been patched automatically on affected devices for WAN Assurance routers connected to the Mist Cloud. For systems that are provisioned in a High-Availability cluster, these should be upgraded to a patched version as soon as practical (SSR-6.1.9 or SSR-6.2.5).\u003c/p\u003e\u003cp\u003e\u003cbr\u003eIt is important to note that the fix is applied automatically on managed routers by a Conductor or on WAN assurance routers has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic. There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this issue:\n\n\nSession Smart Router: SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases. \n\n\nIt is suggested to upgrade all affected systems to these versions of software. In a Conductor-managed deployment, it is sufficient to upgrade the Conductor nodes only and the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor.\n\n\nThis vulnerability has been patched automatically on affected devices for WAN Assurance routers connected to the Mist Cloud. For systems that are provisioned in a High-Availability cluster, these should be upgraded to a patched version as soon as practical (SSR-6.1.9 or SSR-6.2.5).\n\n\nIt is important to note that the fix is applied automatically on managed routers by a Conductor or on WAN assurance routers has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic. There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly."
        }
      ],
      "source": {
        "advisory": "JSA83126",
        "defect": [
          "I95-56931"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-27T19:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-2973",
    "datePublished": "2024-06-27T20:17:50.239Z",
    "dateReserved": "2024-03-26T23:06:22.816Z",
    "dateUpdated": "2024-08-01T19:32:42.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2056 (GCVE-0-2024-2056)

Vulnerability from cvelistv5 – Published: 2024-03-05 18:57 – Updated: 2025-02-13 17:32
VLAI
Title
Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Summary
Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
AHA
Impacted products
Vendor Product Version
Artica Tech Artica Proxy Affected: 4.50
Create a notification for this product.
articatech artica_proxy Affected: 4.50
    cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-05 18:00
Credits
Jim Becher of KoreLogic, Inc. Jaggar Henry of KoreLogic, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:38.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://github.com/gvalkov/tailon#security"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/14"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "artica_proxy",
            "vendor": "articatech",
            "versions": [
              {
                "status": "affected",
                "version": "4.50"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2056",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T20:29:37.739652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T20:31:03.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Artica Proxy",
          "vendor": "Artica Tech",
          "versions": [
            {
              "status": "affected",
              "version": "4.50"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jim Becher of KoreLogic, Inc."
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jaggar Henry of KoreLogic, Inc."
        }
      ],
      "datePublic": "2024-03-05T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the \"tailon\" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003egvalkov\u0027s \u0027tailon\u0027 GitHub repo\u003c/span\u003e. Using the tailon service, the contents of any file on the Artica Proxy can be viewed."
            }
          ],
          "value": "Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the \"tailon\" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov\u0027s \u0027tailon\u0027 GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-05T19:00:13.860Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/gvalkov/tailon#security"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/14"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Artica Proxy Loopback Services Remotely Accessible Unauthenticated",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2024-2056",
    "datePublished": "2024-03-05T18:57:03.524Z",
    "dateReserved": "2024-03-01T02:03:12.654Z",
    "dateUpdated": "2025-02-13T17:32:34.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.