CVE-2024-5404

Summary

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.

Affected Software

VendorProductVersion RangeStatus
ifmmoneo appliance QVA2000.0 <= 1.13affected
ifmmoneo appliance QHA2100.0 <= 1.13affected
ifmmoneo appliance QHA3000.0 <= 1.13affected
ifmmoneo for Micosoft Windows0.0 <= 1.13affected

Weaknesses

  • CWE-640: CWE-640 Weak Password Recovery Mechanism for Forgotten Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References