Lucene search

INCIBEVULNRICHMENT:CVE-2024-1302

HistoryMar 12, 2024 - 3:26 p.m.

CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool

2024-03-1215:26:52

CWE-200

INCIBE

github.com

badger meter

monitool

cve-2024-1302

vulnerabilities

information exposure

database credentials

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application’s file parameter to a log file obtaining all sensitive information such as database credentials.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:badgermeter:moni\\:\\:tool:*:*:*:*:*:*:*:*"
    ],
    "vendor": "badgermeter",
    "product": "moni\\:\\:tool",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.6.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-1302