Lucene search

NozomiCVE-2024-3082

HistoryJul 31, 2024 - 2:15 p.m.

CVE-2024-3082

2024-07-3114:15:07

CWE-256

CWE-522

Nozomi

web.nvd.nist.gov

cwe-256

plaintext storage

password

physical access

cleartext

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

21.2%

JSON

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext.

Affected configurations

Nvd

Node

progessensor_net_connect_firmware_v2Match2.24

AND

progessensor_net_connect_v2Match-

VendorProductVersionCPE
progessensor_net_connect_firmware_v22.24cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*
progessensor_net_connect_v2-cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proges	sensor_net_connect_firmware_v2	2.24	cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:::::::*
proges	sensor_net_connect_v2	-	cpe:2.3:h:proges:sensor_net_connect_v2:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Sensor Net Connect V2",
    "vendor": "Plug&Track",
    "versions": [
      {
        "status": "affected",
        "version": "2.24",
        "versionType": "semver"
      }
    ]
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3082

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

21.2%

JSON

Related for CVE-2024-3082