CVE-2024-3462

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3462
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://antmedia.io/
https://cert.pl/en/posts/2024/05/CVE-2024-3462
https://cert.pl/posts/2024/05/CVE-2024-3462
https://antmedia.io/
https://cert.pl/en/posts/2024/05/CVE-2024-3462
https://cert.pl/posts/2024/05/CVE-2024-3462
Configurations

No configuration.

History

21 Nov 2024, 09:29

Type Values Removed Values Added
References () https://antmedia.io/ - () https://antmedia.io/ -
References () https://cert.pl/en/posts/2024/05/CVE-2024-3462 - () https://cert.pl/en/posts/2024/05/CVE-2024-3462 -
References () https://cert.pl/posts/2024/05/CVE-2024-3462 - () https://cert.pl/posts/2024/05/CVE-2024-3462 -

07 Nov 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4

10 Oct 2024, 16:15

Type Values Removed Values Added
Summary
  • (es) Ant Media Server Community Edition en una configuración predeterminada es vulnerable a una autorización basada en encabezado HTTP inadecuada, lo que lleva a un posible uso de llamadas API no administrativas reservadas solo para usuarios autorizados. Se cree que todas las versiones hasta la 2.9.0 (probadas) y posiblemente las más nuevas son vulnerables ya que el proveedor no ha confirmado el lanzamiento de un parche.
CWE CWE-863 CWE-302

14 May 2024, 15:41

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:41

Updated : 2024-11-21 09:29

NVD link : CVE-2024-3462

Mitre link : CVE-2024-3462

CVE.ORG link : CVE-2024-3462

JSON object : View

Products Affected

No product.

CWE
CWE-302

Authentication Bypass by Assumed-Immutable Data


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024