Lucene search

INCIBECVELIST:CVE-2024-1302

HistoryMar 12, 2024 - 3:26 p.m.

CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool

2024-03-1215:26:52

CWE-200

INCIBE

www.cve.org

cve-2024-1302

information exposure

badger meter

monitool

versions up to 4.6.3

local attacker

application's file parameter

log file

sensitive information

database credentials

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application’s file parameter to a log file obtaining all sensitive information such as database credentials.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Monitool",
    "vendor": "Badger Meter",
    "versions": [
      {
        "status": "affected",
        "version": "4.6.3"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1302