Lucene search
HistoryAug 08, 2024 - 6:15 p.m.
CVE-2024-42408
infoscan
download page
interception
proxy
filename exposure
system
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
18.3%
The InfoScan client download page can be intercepted with a proxy, to
expose filenames located on the system, which could lead to additional
information exposure.
Affected configurations
Node
dorsettcontrolsinfoscanMatch1.32
ORdorsettcontrolsinfoscanMatch1.33
ORdorsettcontrolsinfoscanMatch1.35
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dorsettcontrols | infoscan | 1.32 | cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:* |
| dorsettcontrols | infoscan | 1.33 | cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:* |
| dorsettcontrols | infoscan | 1.35 | cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-42408
2024-08-08 18:15:10
vulnrichment
vulnrichment
CVE-2024-42408 Dorsett Controls InfoScan Path Traversal
2024-08-08 17:27:17
cvelist
cvelist
CVE-2024-42408 Dorsett Controls InfoScan Path Traversal
2024-08-08 17:27:17
nessus
nessus
Dorsett Controls InfoScan < 1.38 Multiple Vulnerabilities (July 2024)
2024-08-15 00:00:00
ics
ics
Dorsett Controls InfoScan
2024-08-08 12:00:00
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
18.3%
Related for NVD:CVE-2024-42408