Lucene search

CERT-InVULNRICHMENT:CVE-2024-47088

HistorySep 19, 2024 - 6:13 a.m.

CVE-2024-47088 User Enumeration vulnerability

2024-09-1906:13:40

CWE-307

CERT-In

github.com

cve-2024-47088

apex softcell ld geo

user enumeration

authentication attempts

api

brute force attack

unauthorized access

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:H/SI:N/VA:N/SA:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apexsoftcell",
    "product": "ld_geo",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.0.0.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:H/SI:N/VA:N/SA:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

39.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-47088