CVE-2024-43692

Summary

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.

Affected Software

VendorProductVersion RangeStatus
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX CONSOLE0 <= 3.4.2.2.6affected
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX4 CONSOLE0 <= 4.17.9eaffected

Weaknesses

  • CWE-288: CWE-288

Workarounds

DFS strongly encourages users of MagLink products to:

  • Install MagLink consoles behind firewalls for security.

  • Monitor and install updates on a timely basis.

  • Contact DFS customer support with any questions about operations or updates of MagLink software.

Alternatively, MagLink may operate offfline or disconnected from a network.

Registered MagLink customers have access to technical information, updates, and technical bulletins via a DFS proprietary portal.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References