CVE-2024-3013

Summary

A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

Affected Software

VendorProductVersion RangeStatus
Teledyne FLIRAX81.46.0affected
Teledyne FLIRAX81.46.1affected
Teledyne FLIRAX81.46.2affected
Teledyne FLIRAX81.46.3affected
Teledyne FLIRAX81.46.4affected
Teledyne FLIRAX81.46.5affected
Teledyne FLIRAX81.46.6affected
Teledyne FLIRAX81.46.7affected
Teledyne FLIRAX81.46.8affected
Teledyne FLIRAX81.46.9affected
Teledyne FLIRAX81.46.10affected
Teledyne FLIRAX81.46.11affected
Teledyne FLIRAX81.46.12affected
Teledyne FLIRAX81.46.13affected
Teledyne FLIRAX81.46.14affected
Teledyne FLIRAX81.46.15affected
Teledyne FLIRAX81.46.16affected
Teledyne FLIRAX81.49.16unaffected

Weaknesses

  • CWE-285: Improper Authorization
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References