CVE-2024-48939

Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/gitaware/CVE/blob/main/CVE-2024-48939/20241020_vuln_discl_paxton_API_license.pdf
https://paxton-access.co.uk
https://seclists.org/fulldisclosure/2024/Oct/3
http://seclists.org/fulldisclosure/2024/Oct/3

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-11 01:15

Updated : 2024-11-21 09:41

NVD link : CVE-2024-48939

Mitre link : CVE-2024-48939

CVE.ORG link : CVE-2024-48939

JSON object : View

Products Affected

No product.

CWE

CWE-922

Insecure Storage of Sensitive Information

7.5 /10