Lucene search

INCIBECVE-2024-5525

HistoryMay 31, 2024 - 8:15 a.m.

CVE-2024-5525

2024-05-3108:15:09

CWE-269

INCIBE

web.nvd.nist.gov

astrotalks

privilege management

vulnerability

local user

administrator access

credentials

administrative actions

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

JSON

Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions.

Affected configurations

Vulners

Vulnrichment

Node

astrotalksastrotalksRange≤03/10/2023

VendorProductVersionCPE
astrotalksastrotalks*cpe:2.3:a:astrotalks:astrotalks:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
astrotalks	astrotalks	*	cpe:2.3:a:astrotalks:astrotalks::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Astrotalks",
    "vendor": "Astrotalks",
    "versions": [
      {
        "status": "affected",
        "version": "03/10/2023",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-astrotalks

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-5525