CVE-2024-31200

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*

cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-31 14:15

Updated : 2024-08-12 18:25

NVD link : CVE-2024-31200

Mitre link : CVE-2024-31200

CVE.ORG link : CVE-2024-31200

JSON object : View

Products Affected

proges

sensor_net_connect_v2
sensor_net_connect_firmware_v2

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

NVD-CWE-Other

{"id": "CVE-2024-31200", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2024-07-31T14:15:03.823", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200", "tags": ["Third Party Advisory"], "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-201"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A \u201cCWE-201: Insertion of Sensitive Information Into Sent Data\u201d affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser."}, {"lang": "es", "value": " Un \u201cCWE-201: Inserci\u00f3n de informaci\u00f3n confidencial en datos enviados\u201d que afecta la cuenta administrativa permite a un atacante con acceso f\u00edsico a la m\u00e1quina recuperar la contrase\u00f1a en texto plano cuando se abre una sesi\u00f3n administrativa en el navegador."}], "lastModified": "2024-08-12T18:25:44.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11A63CF8-0093-4A0A-BE55-80DD1FA882BE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38E5FC75-C0FB-4192-BE05-9A581A790EAF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "prodsec@nozominetworks.com"}