CVE-2024-25830

{"id": "CVE-2024-25830", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-29T01:44:16.533", "references": [{"url": "https://neroteam.com/blog/f-logic-datacube3-vulnerability-report", "source": "cve@mitre.org"}, {"url": "https://neroteam.com/blog/f-logic-datacube3-vulnerability-report", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password."}, {"lang": "es", "value": "F-logic DataCube3 v1.0 es vulnerable a un control de acceso incorrecto debido a una restricci\u00f3n de acceso al directorio incorrecta. Un atacante remoto no autenticado puede aprovechar esto enviando un URI que contenga la ruta del archivo de configuraci\u00f3n. Un exploit exitoso podr\u00eda permitir al atacante extraer la contrase\u00f1a de root y de administrador."}], "lastModified": "2024-11-21T09:01:23.427", "sourceIdentifier": "cve@mitre.org"}