CVE-2024-34162 · Medium
CVSS: 5.3 (Medium)
EPSS: 0.01 (p57)
Published: 2024-01-01
Updated: 2024-01-01
Description
The web interface of the affected devices is designed to hide the LDAP credentials even from administrative users. However, when LDAP authentication is configured as "SIMPLE", the device communicates with the LDAP server in clear text, and the LDAP password can be retrieved from this clear-text communication. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Tags · CWE
Pre-auth
CWE-767
CWE-767 · Base · Incomplete
Access to Critical Private Variable via Public Method
The product defines a public method that reads or modifies a private variable.
https://cwe.mitre.org/data/definitions/767.html
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Timeline
2024-01-01: Published
2024-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): Low (L)
Integrity Impact (I): None (N)
Availability Impact (A): None (N)
Exploit indicators
EPSS: 0.010 · p57
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.