CVE-2024-5404
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ifm | moneo appliance QVA200 | 0.0 <= 1.13 | affected |
| ifm | moneo appliance QHA210 | 0.0 <= 1.13 | affected |
| ifm | moneo appliance QHA300 | 0.0 <= 1.13 | affected |
| ifm | moneo for Micosoft Windows | 0.0 <= 1.13 | affected |
Weaknesses
- CWE-640: CWE-640 Weak Password Recovery Mechanism for Forgotten Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.