Lucene search

INCIBECVELIST:CVE-2024-2371

HistoryMar 12, 2024 - 8:49 a.m.

CVE-2024-2371 Information exposure vulnerability in Korenix JetI/O 6550

2024-03-1208:49:46

CWE-200

INCIBE

www.cve.org

information exposure

korenix jeti/o 6550

firmware version

snmp protocol

plaintext

traffic interception

credentials retrieval

cve-2024-2371

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "JetI/O 6550",
    "vendor": "Korenix",
    "versions": [
      {
        "status": "affected",
        "version": "F208 Build:0817"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-2371