CVE-2024-25656

Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product.
Configurations

No configuration.

History

21 Nov 2024, 09:01

Type Values Removed Values Added
References () https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25656 - () https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25656 -

02 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
CWE CWE-20

19 Mar 2024, 13:26

Type Values Removed Values Added
Summary
  • (es) Una validación de entrada incorrecta en AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS puede provocar que dispositivos CPE (equipos en las instalaciones del cliente) no autenticados almacenen cantidades arbitrariamente grandes de datos durante el registro. Potencialmente, esto puede provocar ataques DDoS en la base de datos de la aplicación y, en última instancia, afectar a todo el producto.

18 Mar 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-18 20:15

Updated : 2024-11-21 09:01


NVD link : CVE-2024-25656

Mitre link : CVE-2024-25656

CVE.ORG link : CVE-2024-25656


JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation