CVE-2024-13040
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Quanta Computer | QOCA aim | 0 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-8336-aa03b-1.html
- https://www.twcert.org.tw/en/cp-139-8337-7899f-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.