CVE-2024-27767 - OpenCVE

CWE-287: Improper Authentication may allow Authentication Bypass

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

References

Link	Resource
https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2024-03-18T13:13:36.868Z

Updated: 2024-06-20T21:26:31.866Z

Reserved: 2024-02-26T09:27:55.322Z

Link: CVE-2024-27767

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-18T14:15:08.050

Modified: 2024-03-18T19:40:00.173

Link: CVE-2024-27767

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27767", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-02-26T09:27:55.322Z", "datePublished": "2024-03-18T13:13:36.868Z", "dateUpdated": "2024-06-20T21:26:31.866Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Unistream Unilogic", "vendor": "Unitronics ", "versions": [{"lessThan": "1.35.227", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Noam Moshe, Vera Mens of Claroty Team82"}], "datePublic": "2024-03-18T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nCWE-287: Improper Authentication may allow Authentication Bypass\n\n"}], "value": "\nCWE-287: Improper Authentication may allow Authentication Bypass\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-03-18T13:13:36.868Z"}, "references": [{"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nUpgrade to version 1.35.227 or later.\n\n "}], "value": "\nUpgrade to version 1.35.227 or later.\n\n"}], "source": {"advisory": "ILVN-2024-0147", "discovery": "UNKNOWN"}, "title": "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 CWE-287: Improper Authentication", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "unitronics", "product": "unistream_unilogic", "cpes": ["cpe:2.3:a:unitronics:unistream_unilogic:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.35.227", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-18T18:22:57.969128Z", "id": "CVE-2024-27767", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T21:26:31.866Z"}}]}}