Lucene search

INCIBECVE-2024-1302

HistoryMar 12, 2024 - 4:15 p.m.

CVE-2024-1302

2024-03-1216:15:07

CWE-200

INCIBE

web.nvd.nist.gov

cve-2024-1302

information exposure

badger meter monitool

vulnerability

security

nvd

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application’s file parameter to a log file obtaining all sensitive information such as database credentials.

Affected configurations

Vulners

Vulnrichment

Node

badger_metermonitoolRange≤4.6.3

VendorProductVersionCPE
badger_metermonitool*cpe:2.3:a:badger_meter:monitool:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
badger_meter	monitool	*	cpe:2.3:a:badger_meter:monitool::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Monitool",
    "vendor": "Badger Meter",
    "versions": [
      {
        "status": "affected",
        "version": "4.6.3"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1302