CVE-2024-49202

Published: Dic 18, 2024 Last Modified: Dic 21, 2024

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: low

Availability: low

Description

AI Translation Available

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0015

Percentile

0,4th

Updated

EPSS Score Trend (Last 90 Days)

276

Incorrect Default Permissions

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Application Data Modify Application Data

Applicable Platforms

Technologies: Not Technology-Specific, ICS/OT

Likelihood of Exploit: Medium

View CWE Details

https://keyfactor.com

https://software.keyfactor.com/Core-OnPrem/v12.5/Content/Re…

https://software.keyfactor.com/Core-OnPrem/v12.5/Content/ReleaseNotes/ReleaseNo…

CVE-2024-49202

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Incorrect Default Permissions

Common Consequences

Applicable Platforms

Iscriviti alla newsletter