From 7d6493b6f278017bccd43a6be62fba432fbc4004 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 8 Aug 2024 20:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/29xxx/CVE-2024-29082.json | 255 ++++++++++++++++++++++++++++++++-
2024/37xxx/CVE-2024-37023.json | 255 ++++++++++++++++++++++++++++++++-
2024/39xxx/CVE-2024-39791.json | 255 ++++++++++++++++++++++++++++++++-
2024/39xxx/CVE-2024-39815.json | 255 ++++++++++++++++++++++++++++++++-
2024/40xxx/CVE-2024-40476.json | 61 +++++++-
2024/40xxx/CVE-2024-40477.json | 61 +++++++-
2024/40xxx/CVE-2024-40481.json | 56 +++++++-
2024/40xxx/CVE-2024-40482.json | 56 +++++++-
2024/40xxx/CVE-2024-40484.json | 56 +++++++-
2024/40xxx/CVE-2024-40486.json | 61 +++++++-
2024/40xxx/CVE-2024-40487.json | 61 +++++++-
2024/40xxx/CVE-2024-40488.json | 61 +++++++-
2024/41xxx/CVE-2024-41161.json | 2 +-
2024/41xxx/CVE-2024-41936.json | 255 ++++++++++++++++++++++++++++++++-
2024/42xxx/CVE-2024-42001.json | 255 ++++++++++++++++++++++++++++++++-
2024/43xxx/CVE-2024-43205.json | 18 +++
2024/43xxx/CVE-2024-43206.json | 18 +++
2024/7xxx/CVE-2024-7625.json | 18 +++
2024/7xxx/CVE-2024-7626.json | 18 +++
2024/7xxx/CVE-2024-7627.json | 18 +++
20 files changed, 2022 insertions(+), 73 deletions(-)
create mode 100644 2024/43xxx/CVE-2024-43205.json
create mode 100644 2024/43xxx/CVE-2024-43206.json
create mode 100644 2024/7xxx/CVE-2024-7625.json
create mode 100644 2024/7xxx/CVE-2024-7626.json
create mode 100644 2024/7xxx/CVE-2024-7627.json
diff --git a/2024/29xxx/CVE-2024-29082.json b/2024/29xxx/CVE-2024-29082.json
index 31228ebc625..24532db5348 100644
--- a/2024/29xxx/CVE-2024-29082.json
+++ b/2024/29xxx/CVE-2024-29082.json
@@ -1,17 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29082", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability affecting Vonets\n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to bypass \nauthentication and factory reset the device via unprotected goform \nendpoints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vonets", + "product": { + "product_data": [ + { + "product_name": "VAR1200-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR1200-L", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR600-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11AC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": 
"3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VBG1200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S-5G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VGA-1000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-214-08", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + 
"lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support for additional information.\n\n
" + } + ], + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information." + } + ], + "credits": [ + { + "lang": "en", + "value": "Wodzen reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2024/37xxx/CVE-2024-37023.json b/2024/37xxx/CVE-2024-37023.json index 64d73f28676..466293d66ba 100644 --- a/2024/37xxx/CVE-2024-37023.json +++ b/2024/37xxx/CVE-2024-37023.json 
@@ -1,17 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple OS command injection vulnerabilities affecting Vonets \n\n industrial wifi bridge relays and wifi bridge repeaters, software \nversions 3.3.23.6.9 and prior, enable an authenticated remote attacker \nto execute arbitrary OS commands via various endpoint parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vonets", + "product": { + "product_data": [ + { + "product_name": "VAR1200-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR1200-L", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR600-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11AC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": 
"3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VBG1200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S-5G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VGA-1000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-214-08", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + 
"lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support for additional information.\n\n
" + } + ], + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information." + } + ], + "credits": [ + { + "lang": "en", + "value": "Wodzen reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39791.json b/2024/39xxx/CVE-2024-39791.json index 7cb6e950a3d..e624528696e 100644 --- a/2024/39xxx/CVE-2024-39791.json +++ b/2024/39xxx/CVE-2024-39791.json 
@@ -1,17 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vonets", + "product": { + "product_data": [ + { + "product_name": "VAR1200-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR1200-L", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR600-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11AC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, 
+ { + "product_name": "VBG1200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S-5G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VGA-1000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-214-08", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support for additional information.\n\n
" + } + ], + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information." + } + ], + "credits": [ + { + "lang": "en", + "value": "Wodzen reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39815.json b/2024/39xxx/CVE-2024-39815.json index 2671e34e554..e6eb0e604ef 100644 --- a/2024/39xxx/CVE-2024-39815.json +++ b/2024/39xxx/CVE-2024-39815.json 
@@ -1,17 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39815", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703", + "cweId": "CWE-703" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vonets", + "product": { + "product_data": [ + { + "product_name": "VAR1200-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR1200-L", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR600-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11AC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500S", + "version": { + "version_data": [ + { + 
"version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VBG1200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S-5G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VGA-1000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": 
"ICSA-24-214-08", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support for additional information.\n\n
" + } + ], + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information." + } + ], + "credits": [ + { + "lang": "en", + "value": "Wodzen reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/40xxx/CVE-2024-40476.json b/2024/40xxx/CVE-2024-40476.json index 993e00ab8b9..071ddd7494e 100644 --- a/2024/40xxx/CVE-2024-40476.json +++ b/2024/40xxx/CVE-2024-40476.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40476", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40476", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/CSRF.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/CSRF.pdf" } ] } 
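Review bot: The `MISC` reference in CVE-2024-40476.json points at a different product from the one described. The description names SourceCodester Best House Rental Management System v1.0, but the URL is `.../php/17375/best-courier-management-system-project-php.html`, a courier-system project page, so anyone matching the CVE to an installation by its product link lands on the wrong project. Replace it with the House Rental project page, or drop it if that page cannot be confirmed. The description also stops at "a Delete Tenant action at the /rental/ajax.php?action=delete_tenant" and would read correctly ending in `endpoint`.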
diff --git a/2024/40xxx/CVE-2024-40477.json b/2024/40xxx/CVE-2024-40477.json index 5db8742e5cb..eb9550cfa33 100644 --- a/2024/40xxx/CVE-2024-40477.json +++ b/2024/40xxx/CVE-2024-40477.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40477", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40477", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in \"/oahms/admin/forgot-password.php\" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"email\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/", + "refsource": "MISC", + "name": "https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/SQL%20Injection.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/SQL%20Injection.pdf" } ] } 
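Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` in CVE-2024-40477.json, even though the description identifies PHPGurukul Old Age Home Management System v1.0 and a SQL injection. With these fields empty, product- and CWE-based matching cannot find the record, and consumers are left parsing free text. Populate them from the description, e.g. `"vendor_name": "PHPGurukul"`, `"product_name": "Old Age Home Management System"`, `"version_value": "1.0"` and a `problemtype` value of `CWE-89`. The same gap is present in the CVE-2024-40476, -40481, -40482, -40484, -40486 and -40487 hunks.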
diff --git a/2024/40xxx/CVE-2024-40481.json b/2024/40xxx/CVE-2024-40481.json index 66e2b100106..28fbd552cd3 100644 --- a/2024/40xxx/CVE-2024-40481.json +++ b/2024/40xxx/CVE-2024-40481.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40481", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40481", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross Site Scripting (XSS) vulnerability was found in \"/admin/view-enquiry.php\" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page \"message\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Stored%20XSS.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Stored%20XSS.pdf" } ] } diff --git a/2024/40xxx/CVE-2024-40482.json b/2024/40xxx/CVE-2024-40482.json index 2198f87c73b..9b3b31b04ae 100644 --- a/2024/40xxx/CVE-2024-40482.json +++ b/2024/40xxx/CVE-2024-40482.json 
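Review bot: The description in CVE-2024-40481.json says the stored XSS lets remote attackers "execute arbitrary code", which overstates the impact and reads as server-side code execution. Cross-site scripting runs attacker-supplied script in the browser of whoever views `/admin/view-enquiry.php`; the conventional wording is `allows remote attackers to inject arbitrary web script or HTML via the Contact Us page "message" parameter`. Triage rules that key on "arbitrary code" will misclassify the record. The same phrasing is used for the XSS entries in the CVE-2024-40484 and CVE-2024-40487 hunks.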
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40482", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40482", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Unrestricted file upload vulnerability was found in \"/Membership/edit_member.php\" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf" } ] } diff --git a/2024/40xxx/CVE-2024-40484.json b/2024/40xxx/CVE-2024-40484.json index 265e2389f98..dcff1b69cc5 100644 --- a/2024/40xxx/CVE-2024-40484.json +++ b/2024/40xxx/CVE-2024-40484.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40484", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40484", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in \"/oahms/search.php\" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the \"searchdata\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Reflected%20XSS.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/PHPGurukul/Old%20Age%20Home%20Mgmt%20System%20v1.0/Reflected%20XSS.pdf" } ] } diff --git a/2024/40xxx/CVE-2024-40486.json b/2024/40xxx/CVE-2024-40486.json index 098d10373f1..4b493a60350 100644 --- a/2024/40xxx/CVE-2024-40486.json +++ b/2024/40xxx/CVE-2024-40486.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40486", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40486", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in \"/index.php\" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code", + "refsource": "MISC", + "name": "https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf" } ] } diff --git a/2024/40xxx/CVE-2024-40487.json b/2024/40xxx/CVE-2024-40487.json index 3b17f0ac681..02b3aeeafdd 100644 --- a/2024/40xxx/CVE-2024-40487.json +++ b/2024/40xxx/CVE-2024-40487.json 
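Review bot: The second reference is tagged `"refsource": "CONFIRM"`, but its URL points at a `takekaramey/CVE_Writeup` GitHub repository, which looks like the reporter's write-up rather than a vendor acknowledgement. Consumers that read CONFIRM as vendor-confirmed will over-trust the record; `"refsource": "MISC"` would match how the kashipara.com link in the same array is tagged. The same tag is on the write-up links in the hunks for CVE-2024-40482, CVE-2024-40484, CVE-2024-40487 and CVE-2024-40488.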
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40487", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40487", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross Site Scripting (XSS) vulnerability was found in \"/view_type.php\" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code", + "refsource": "MISC", + "name": "https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf" } ] } diff --git a/2024/40xxx/CVE-2024-40488.json b/2024/40xxx/CVE-2024-40488.json index 5cb48c2a9d2..25d694cb3b1 100644 --- a/2024/40xxx/CVE-2024-40488.json +++ b/2024/40xxx/CVE-2024-40488.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40488", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40488", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://capec.mitre.org/data/definitions/62.html", + "refsource": "MISC", + "name": "https://capec.mitre.org/data/definitions/62.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/CSRF.pdf" } ] } diff --git a/2024/41xxx/CVE-2024-41161.json b/2024/41xxx/CVE-2024-41161.json index 0c3cea62e79..29402bdbabf 100644 --- a/2024/41xxx/CVE-2024-41161.json +++ b/2024/41xxx/CVE-2024-41161.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled." + "value": "Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enables an unauthenticated remote attacker to \nbypass authentication using hard-coded administrator credentials. These \naccounts cannot be disabled." } ] }, diff --git a/2024/41xxx/CVE-2024-41936.json b/2024/41xxx/CVE-2024-41936.json index 979aca2af8b..eb18a1d4007 100644 --- a/2024/41xxx/CVE-2024-41936.json +++ b/2024/41xxx/CVE-2024-41936.json 
@@ -1,17 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 \nand prior, enables an unauthenticated remote attacker to read arbitrary \nfiles and bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vonets", + "product": { + "product_data": [ + { + "product_name": "VAR1200-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR1200-L", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR600-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11AC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + 
"product_name": "VBG1200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S-5G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VGA-1000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-214-08", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ 
+ { + "base64": false, + "type": "text/html", + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support for additional information.\n\n
" + } + ], + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information." + } + ], + "credits": [ + { + "lang": "en", + "value": "Wodzen reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42001.json b/2024/42xxx/CVE-2024-42001.json index 469128a0ac7..78adfa76f3d 100644 --- a/2024/42xxx/CVE-2024-42001.json +++ b/2024/42xxx/CVE-2024-42001.json 
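Review bot: The plain-text `work_around` value carries `https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com`, which looks like a relative mail link resolved against the author's SharePoint document when the HTML was converted to text. It publishes an internal tenant path and a staff account name, and gives readers a dead link where a contact address was meant. I would reduce it to the address the path ends in, `contact Vonets support (support@vonets.com) for additional information.`, assuming that is what the link was meant to hold. The CVE-2024-42001 hunk repeats the same value.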
@@ -1,17 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-425 Forced Browsing", + "cweId": "CWE-425" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vonets", + "product": { + "product_data": [ + { + "product_name": "VAR1200-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR1200-L", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR600-H", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11AC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500S", + "version": { + "version_data": [ + { + "version_affected": "<=", + 
"version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VBG1200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S-5G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAR11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11N-300", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VAP11G-500", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + }, + { + "product_name": "VGA-1000", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.3.23.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-214-08", + "discovery": 
"EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support for additional information.\n\n
" + } + ], + "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information." + } + ], + "credits": [ + { + "lang": "en", + "value": "Wodzen reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43205.json b/2024/43xxx/CVE-2024-43205.json new file mode 100644 index 00000000000..9746ade4bbd --- /dev/null +++ b/2024/43xxx/CVE-2024-43205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-43205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/43xxx/CVE-2024-43206.json b/2024/43xxx/CVE-2024-43206.json new file mode 100644 index 00000000000..29a8f4c0a62 --- /dev/null +++ b/2024/43xxx/CVE-2024-43206.json 
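Review bot: The description value for CVE-2024-42001 has a run of line breaks and spaces between `Vonets` and `industrial wifi bridge relays` (`\n\n\n\n\n\n \n\n`), and hard wraps mid-sentence after that. This looks like markup residue from the authoring tool; it breaks phrase matching on the product name and shows up as a gap in advisory feeds. Collapsing the whitespace to single spaces, `affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables ...`, keeps the wording and drops the noise.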
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-43206",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7625.json b/2024/7xxx/CVE-2024-7625.json
new file mode 100644
index 00000000000..d4548e39384
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7625.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7625",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7626.json b/2024/7xxx/CVE-2024-7626.json
new file mode 100644
index 00000000000..91aa415647e
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7626.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7626",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7627.json b/2024/7xxx/CVE-2024-7627.json
new file mode 100644
index 00000000000..a018bac8290
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7627.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7627",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file