Lucene search

[email protected]CVE-2024-1890

HistoryFeb 26, 2024 - 4:27 p.m.

CVE-2024-1890

2024-02-2616:27:55

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2024-1890

vulnerability

sunny webbox

firmware

clickjacking

attack

nvd

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier.

Affected configurations

Vulners

Node

smasunny_webboxRange≤1.61

VendorProductVersionCPE
smasunny_webbox*cpe:2.3:h:sma:sunny_webbox:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sma	sunny_webbox	*	cpe:2.3:h:sma:sunny_webbox::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sunny Webbox",
    "vendor": "SMA",
    "versions": [
      {
        "lessThanOrEqual": "1.61",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-1890

cvelist1 nvd1 prion1