CVE-2022-24689

{"id": "CVE-2022-24689", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-07-18T13:15:09.760", "references": [{"url": "https://dsk.lu/fr/produits/temps-de-presence", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://dsk.lu/fr/produits/temps-de-presence", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being authenticated. The collected information includes the badge numbers that operate as user login names. They have a PIN code. The PIN code is 4 digits and thus can be guessed in 10000 brute force attempts."}, {"lang": "es", "value": "Se ha detectado un problema en DSK DSKNet versiones 2.16.136.0 y 2.17.136.5. El control de acceso es manejado inapropiadamente. Esto permite que un atacante remoto acceda a las p\u00e1ginas de informaci\u00f3n de la cuenta (incluidos los datos personales) sin ser autenticado. La informaci\u00f3n recopilada incluye los n\u00fameros de identificaci\u00f3n que funcionan como nombres de inicio de sesi\u00f3n de usuarios. Presentan un c\u00f3digo PIN. El c\u00f3digo PINpresenta4 d\u00edgitos y, por lo tanto, puede ser adivinado en 10000 intentos de fuerza bruta"}], "lastModified": "2024-11-21T06:50:53.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dsk:dsknet:2.16.136.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49B0E313-BCD6-47A4-9968-A49FD8E78A34"}, {"criteria": "cpe:2.3:a:dsk:dsknet:2.17.136.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31B0D02-2879-422F-8100-2594CA5E82F5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}