CVE-2024-8692

Summary

A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
TDuckCloudTDuckPro6.0affected
TDuckCloudTDuckPro6.1affected
TDuckCloudTDuckPro6.2affected
TDuckCloudTDuckPro6.3affected

Weaknesses

  • CWE-640: CWE-640 Weak Password Recovery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References