CVE-2024-31200

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*

cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*

History

12 Aug 2024, 18:25

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
First Time		Proges sensor Net Connect Firmware V2 Proges Proges sensor Net Connect V2
References	~~() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200 -~~	() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.2~~	v2 : unknown v3 : 4.6
CPE		cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:::::::* cpe:2.3:h:proges:sensor_net_connect_v2:-:::::::*

01 Aug 2024, 12:42

Type	Values Removed	Values Added
Summary		(es) Un “CWE-201: Inserción de información confidencial en datos enviados” que afecta la cuenta administrativa permite a un atacante con acceso físico a la máquina recuperar la contraseña en texto plano cuando se abre una sesión administrativa en el navegador.

31 Jul 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-31 14:15

Updated : 2024-08-12 18:25

NVD link : CVE-2024-31200

Mitre link : CVE-2024-31200

CVE.ORG link : CVE-2024-31200

JSON object : View

Products Affected

proges

sensor_net_connect_v2
sensor_net_connect_firmware_v2

CWE

NVD-CWE-Other CWE-201

Insertion of Sensitive Information Into Sent Data

{"id": "CVE-2024-31200", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2024-07-31T14:15:03.823", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200", "tags": ["Third Party Advisory"], "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "A \u201cCWE-201: Insertion of Sensitive Information Into Sent Data\u201d affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser."}, {"lang": "es", "value": " Un \u201cCWE-201: Inserci\u00f3n de informaci\u00f3n confidencial en datos enviados\u201d que afecta la cuenta administrativa permite a un atacante con acceso f\u00edsico a la m\u00e1quina recuperar la contrase\u00f1a en texto plano cuando se abre una sesi\u00f3n administrativa en el navegador."}], "lastModified": "2024-08-12T18:25:44.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11A63CF8-0093-4A0A-BE55-80DD1FA882BE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38E5FC75-C0FB-4192-BE05-9A581A790EAF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "prodsec@nozominetworks.com"}