CVE-2024-29837

Summary

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

Affected Software

VendorProductVersion RangeStatus
CS Technologies AustraliaEvolution Controller2.xaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control
  • CWE-1390: CWE-1390 Weak Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References