Lucene search

TR-CERTVULNRICHMENT:CVE-2024-3375

HistoryApr 29, 2024 - 9:00 a.m.

CVE-2024-3375 Broken Access Control in Havelsan's Dialogue

2024-04-2909:00:09

CWE-732

TR-CERT

github.com

cve-2024-3375

broken access control

havelsan dialogue

incorrect permission assignment

critical resource

acls

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score

9.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:havelsan:dialogue:1.83:*:*:*:*:*:*:*"
    ],
    "vendor": "havelsan",
    "product": "dialogue",
    "versions": [
      {
        "status": "affected",
        "version": "1.83",
        "lessThan": "1.83.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0363

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score

9.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-3375