Lucene search

KasperskyCVELIST:CVE-2024-8651

HistorySep 19, 2024 - 4:30 p.m.

CVE-2024-8651 Netcat CMS: user enumeration

2024-09-1916:30:10

CWE-204

Kaspersky

www.cve.org

netcat cms

vulnerability

user enumeration

http request

attack

patch

vendor

version

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

17.7%

JSON

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.

Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "NetCat CMS",
    "vendor": "NetCat",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0.24126.2"
      },
      {
        "status": "unaffected",
        "version": "6.4.0.24248"
      }
    ]
  }
]

References

github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

17.7%

JSON

Related for CVELIST:CVE-2024-8651