Lucene search

INCDCVE-2024-41700

HistoryAug 20, 2024 - 12:15 p.m.

CVE-2024-41700

2024-08-2012:15:07

CWE-200

INCD

web.nvd.nist.gov

barix

cwe-200

exposure of sensitive information

unauthorized actor

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.7%

JSON

Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected configurations

Nvd

Node

barixsip_client_firmwareMatch-

VendorProductVersionCPE
barixsip_client_firmware-cpe:2.3:o:barix:sip_client_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barix	sip_client_firmware	-	cpe:2.3:o:barix:sip_client_firmware:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Barix SIP Client Web Management Interface UI",
    "vendor": "Barix",
    "versions": [
      {
        "lessThan": "Upgrade to a newer version, or limit access to management port",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.7%

JSON

Related for CVE-2024-41700