CVE-2024-4259

Improper Privilege Management vulnerability in SAMPA? Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-1377	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:sambas:akos:*:*:*:*:*:*:*:*

History

05 Sep 2024, 14:14

Type	Values Removed	Values Added
First Time		Sambas akos Sambas
CPE		cpe:2.3:a:sambas:akos::::::::
References	~~() https://www.usom.gov.tr/bildirim/tr-24-1377 -~~	() https://www.usom.gov.tr/bildirim/tr-24-1377 - Broken Link
Summary		(es) Vulnerabilidad de administración de privilegios incorrecta en SAMPA? Holding AKOS permite recopilar datos proporcionados por los usuarios. Este problema afecta a AKOS: hasta el 20240902. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		NVD-CWE-noinfo

03 Sep 2024, 15:12

Type	Values Removed	Values Added
Summary	(en) Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	(en) Improper Privilege Management vulnerability in SAMPA? Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

03 Sep 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-03 14:15

Updated : 2024-09-05 14:14

NVD link : CVE-2024-4259

Mitre link : CVE-2024-4259

CVE.ORG link : CVE-2024-4259

JSON object : View

Products Affected

sambas

akos

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2024-4259", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-03T14:15:17.240", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-1377", "tags": ["Broken Link"], "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability in SAMPA? Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Vulnerabilidad de administraci\u00f3n de privilegios incorrecta en SAMPA? Holding AKOS permite recopilar datos proporcionados por los usuarios. Este problema afecta a AKOS: hasta el 20240902. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2024-09-05T14:14:50.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sambas:akos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1CF8B6F-F0FC-4823-852E-9A7BDF89396F", "versionEndIncluding": "2024-09-02"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}