Lucene search

[email protected]NVD:CVE-2024-5525

HistoryMay 31, 2024 - 8:15 a.m.

CVE-2024-5525

2024-05-3108:15:09

CWE-269

[email protected]

web.nvd.nist.gov

nvd

cve-2024-5525

privilege management

astrotalks

local user

administrator

credentials

attacker

administrative actions

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-astrotalks

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-5525

cvelist1 cve1