Lucene search
K
MeshcentralMeshcentral

4 matches found

CVE
CVE
added 2024/02/20 7:50 p.m.134 views

CVE-2024-26135

Vulnerability summary (CVE-2024-26135): MeshCentral versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability in the control.ashx endpoint. An attacker can lure a victim/admin to a malicious page and originate a cross-site websocket connection to control.ashx, enabling ...

8.8CVSS8.1AI score0.00464EPSS
CVE
CVE
added 2024/02/02 12:0 a.m.66 views

CVE-2023-51838

CVE-2023-51838 affects MeshCentral 1.1.16. The issue arises from Use of a Broken or Risky Cryptographic Algorithm; Veracode notes HMAC-MD5 usage. CVSS v3.1 base score 7.5 (HIGH) with Confidentiality impact HIGH. No explicit remediation or patch details are provided in the supplied documents; expl...

7.5CVSS7.5AI score0.00525EPSS
CVE
CVE
added 2024/01/29 12:0 a.m.54 views

CVE-2023-51842

CVE-2023-51842 involves MeshCentral by Ylianst, affecting version 1.1.16. Public records describe an algorithm-downgrade issue, with CVSS v3.1 base score 7.5 (HIGH; Network attack vector, no privileges, no user interaction). The available documents do not provide specifics on the root cause beyon...

7.5CVSS7.4AI score0.00835EPSS
CVE
CVE
added 2024/01/30 12:0 a.m.41 views

CVE-2023-51837

CVE-2023-51837 affects MeshCentral 1.1.16. The issue is missing SSL certificate validation in HTTPS/TLS handling, enabling high-impact exposure on network access (confidentiality, integrity, and availability all rated high). Public references consistently describe the vulnerability without giving...

9.8CVSS9.4AI score0.00467EPSS