Lucene search

TalosCVELIST:CVE-2024-21785

HistoryMay 28, 2024 - 3:30 p.m.

CVE-2024-21785

2024-05-2815:30:14

CWE-489

talos

www.cve.org

cve-2024-21785

debug code vulnerability

telnet diagnostic interface

unauthorized access

network requests

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "AutomationDirect",
    "product": "P3-550E",
    "versions": [
      {
        "version": "1.2.10.9",
        "status": "affected"
      }
    ]
  }
]

References

community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038

talosintelligence.com/vulnerability_reports/TALOS-2024-1942

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1942

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

Related for CVELIST:CVE-2024-21785