Lucene search

[email protected]CVE-2024-3013

HistoryMar 28, 2024 - 1:15 a.m.

CVE-2024-3013

2024-03-2801:15:47

CWE-285

[email protected]

web.nvd.nist.gov

flir ax8

critical vulnerability

improper authorization

remote attack

user registration

exploit disclosed

vdb-258299

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.8%

JSON

A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Vulners

Node

flirflir_ax8Match1.46.0

flirflir_ax8Match1.46.1

flirflir_ax8Match1.46.2

flirflir_ax8Match1.46.3

flirflir_ax8Match1.46.4

flirflir_ax8Match1.46.5

flirflir_ax8Match1.46.6

flirflir_ax8Match1.46.7

flirflir_ax8Match1.46.8

flirflir_ax8Match1.46.9

flirflir_ax8Match1.46.10

flirflir_ax8Match1.46.11

flirflir_ax8Match1.46.12

flirflir_ax8Match1.46.13

flirflir_ax8Match1.46.14

flirflir_ax8Match1.46.15

flirflir_ax8Match1.46.16

VendorProductVersionCPE
flirflir_ax81.46.0cpe:2.3:h:flir:flir_ax8:1.46.0:*:*:*:*:*:*:*
flirflir_ax81.46.1cpe:2.3:h:flir:flir_ax8:1.46.1:*:*:*:*:*:*:*
flirflir_ax81.46.2cpe:2.3:h:flir:flir_ax8:1.46.2:*:*:*:*:*:*:*
flirflir_ax81.46.3cpe:2.3:h:flir:flir_ax8:1.46.3:*:*:*:*:*:*:*
flirflir_ax81.46.4cpe:2.3:h:flir:flir_ax8:1.46.4:*:*:*:*:*:*:*
flirflir_ax81.46.5cpe:2.3:h:flir:flir_ax8:1.46.5:*:*:*:*:*:*:*
flirflir_ax81.46.6cpe:2.3:h:flir:flir_ax8:1.46.6:*:*:*:*:*:*:*
flirflir_ax81.46.7cpe:2.3:h:flir:flir_ax8:1.46.7:*:*:*:*:*:*:*
flirflir_ax81.46.8cpe:2.3:h:flir:flir_ax8:1.46.8:*:*:*:*:*:*:*
flirflir_ax81.46.9cpe:2.3:h:flir:flir_ax8:1.46.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flir	flir_ax8	1.46.0	cpe:2.3:h:flir:flir_ax8:1.46.0:::::::*
flir	flir_ax8	1.46.1	cpe:2.3:h:flir:flir_ax8:1.46.1:::::::*
flir	flir_ax8	1.46.2	cpe:2.3:h:flir:flir_ax8:1.46.2:::::::*
flir	flir_ax8	1.46.3	cpe:2.3:h:flir:flir_ax8:1.46.3:::::::*
flir	flir_ax8	1.46.4	cpe:2.3:h:flir:flir_ax8:1.46.4:::::::*
flir	flir_ax8	1.46.5	cpe:2.3:h:flir:flir_ax8:1.46.5:::::::*
flir	flir_ax8	1.46.6	cpe:2.3:h:flir:flir_ax8:1.46.6:::::::*
flir	flir_ax8	1.46.7	cpe:2.3:h:flir:flir_ax8:1.46.7:::::::*
flir	flir_ax8	1.46.8	cpe:2.3:h:flir:flir_ax8:1.46.8:::::::*
flir	flir_ax8	1.46.9	cpe:2.3:h:flir:flir_ax8:1.46.9:::::::*

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "vendor": "FLIR",
    "product": "AX8",
    "versions": [
      {
        "version": "1.46.0",
        "status": "affected"
      },
      {
        "version": "1.46.1",
        "status": "affected"
      },
      {
        "version": "1.46.2",
        "status": "affected"
      },
      {
        "version": "1.46.3",
        "status": "affected"
      },
      {
        "version": "1.46.4",
        "status": "affected"
      },
      {
        "version": "1.46.5",
        "status": "affected"
      },
      {
        "version": "1.46.6",
        "status": "affected"
      },
      {
        "version": "1.46.7",
        "status": "affected"
      },
      {
        "version": "1.46.8",
        "status": "affected"
      },
      {
        "version": "1.46.9",
        "status": "affected"
      },
      {
        "version": "1.46.10",
        "status": "affected"
      },
      {
        "version": "1.46.11",
        "status": "affected"
      },
      {
        "version": "1.46.12",
        "status": "affected"
      },
      {
        "version": "1.46.13",
        "status": "affected"
      },
      {
        "version": "1.46.14",
        "status": "affected"
      },
      {
        "version": "1.46.15",
        "status": "affected"
      },
      {
        "version": "1.46.16",
        "status": "affected"
      }
    ],
    "modules": [
      "User Registration"
    ]
  }
]

References

h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%20Fixed%20Thermal%20Cameras%20Register%20any%20user%20in%20the%20background--test_login.php.pdf

vuldb.com/?ctiid.258299

vuldb.com/?id.258299

vuldb.com/?submit.301588

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for CVE-2024-3013

nvd1 cvelist1