4 matches found
CVE-2024-26135
Vulnerability summary (CVE-2024-26135): MeshCentral versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability in the control.ashx endpoint. An attacker can lure a victim/admin to a malicious page and originate a cross-site websocket connection to control.ashx, enabling ...
CVE-2023-51838
CVE-2023-51838 affects MeshCentral 1.1.16. The issue arises from Use of a Broken or Risky Cryptographic Algorithm; Veracode notes HMAC-MD5 usage. CVSS v3.1 base score 7.5 (HIGH) with Confidentiality impact HIGH. No explicit remediation or patch details are provided in the supplied documents; expl...
CVE-2023-51842
CVE-2023-51842 involves MeshCentral by Ylianst, affecting version 1.1.16. Public records describe an algorithm-downgrade issue, with CVSS v3.1 base score 7.5 (HIGH; Network attack vector, no privileges, no user interaction). The available documents do not provide specifics on the root cause beyon...
CVE-2023-51837
CVE-2023-51837 affects MeshCentral 1.1.16. The issue is missing SSL certificate validation in HTTPS/TLS handling, enabling high-impact exposure on network access (confidentiality, integrity, and availability all rated high). Public references consistently describe the vulnerability without giving...