CVE-2024-3142

Summary

A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
ClavisterE1014.00.0affected
ClavisterE1014.00.1affected
ClavisterE1014.00.2affected
ClavisterE1014.00.3affected
ClavisterE1014.00.4affected
ClavisterE1014.00.5affected
ClavisterE1014.00.6affected
ClavisterE1014.00.7affected
ClavisterE1014.00.8affected
ClavisterE1014.00.9affected
ClavisterE1014.00.10affected
ClavisterE8014.00.0affected
ClavisterE8014.00.1affected
ClavisterE8014.00.2affected
ClavisterE8014.00.3affected
ClavisterE8014.00.4affected
ClavisterE8014.00.5affected
ClavisterE8014.00.6affected
ClavisterE8014.00.7affected
ClavisterE8014.00.8affected
ClavisterE8014.00.9affected
ClavisterE8014.00.10affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References