IcscertVULNRICHMENT:CVE-2024-43692CVE-2024-43692 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
An attacker can directly request the ProGauge MAGLINK LX CONSOLE
resource sub page with full privileges by requesting the URL directly.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:doverfuelingsolutions:maglink_lx_console:*:*:*:*:*:*:*:*"
],
"vendor": "doverfuelingsolutions",
"product": "maglink_lx_console",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.4.2.2.6"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:doverfuelingsolutions:maglink_lx4_console:*:*:*:*:*:*:*:*"
],
"vendor": "doverfuelingsolutions",
"product": "maglink_lx4_console",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "4.17.9e"
}
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total