CVE-2024-0860 - OpenCVE

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2024-03-14T20:54:56.710Z

Updated: 2024-03-14T20:54:56.710Z

Reserved: 2024-01-24T15:13:18.203Z

Link: CVE-2024-0860

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-14T21:15:50.640

Modified: 2024-03-15T12:53:06.423

Link: CVE-2024-0860

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-0860", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-01-24T15:13:18.203Z", "datePublished": "2024-03-14T20:54:56.710Z", "dateUpdated": "2024-03-14T20:54:56.710Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "edgeConnector", "vendor": "Softing", "versions": [{"status": "affected", "version": "Version 3.60"}]}, {"defaultStatus": "unaffected", "product": "edgeAggregator", "vendor": "Softing", "versions": [{"status": "affected", "version": "Version 3.60"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pan ZhenPeng (@Peterpan0927) and Li JianTao (@CurseRed) of STAR Labs SG Pte. Ltd. (@starlabs_sg) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA. Claroty Team82 working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.</p><br>\n\n"}], "value": "\nThe affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-03-14T20:54:56.710Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update Softing edgeConnector and edgeAggregator to v3.70 or greater.</span><br>"}], "value": "\nUpdate Softing edgeConnector and edgeAggregator to v3.70 or greater.\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}