Lucene search

KasperskyVULNRICHMENT:CVE-2024-8651

HistorySep 19, 2024 - 4:30 p.m.

CVE-2024-8651 Netcat CMS: user enumeration

2024-09-1916:30:10

CWE-204

Kaspersky

github.com

netcat cms

vulnerability

user enumeration

crafted http request

patch

vendor

version 6.4.0.24248

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.

Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*"
    ],
    "vendor": "netcat",
    "product": "netcat",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0.24126.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-8651