CVE-2024-7746

Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism. These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://asrg.io/security-advisories/cve-2024-7746/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:traccar:traccar:*:*:*:*:*:*:*:*

History

22 Aug 2024, 14:40

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Traccar Traccar traccar
CPE		cpe:2.3:a:traccar:traccar::::::::
Summary		(es) El uso de la vulnerabilidad de credenciales predeterminadas en Tananaev Solutions Traccar Server en los módulos del Panel del administrador permite el abuso de autenticación. Este problema afecta las transacciones privilegiadas implementadas por la solución Traccar que de otro modo deberían estar protegidas por el mecanismo de autenticación. Estas transacciones podrían tener un impacto en cualquier aspecto sensible de la plataforma, incluida la confidencialidad, la integridad y la disponibilidad.
References	~~() https://asrg.io/security-advisories/cve-2024-7746/ -~~	() https://asrg.io/security-advisories/cve-2024-7746/ - Third Party Advisory
CWE		CWE-287

13 Aug 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 16:15

Updated : 2024-08-22 14:40

NVD link : CVE-2024-7746

Mitre link : CVE-2024-7746

CVE.ORG link : CVE-2024-7746

JSON object : View

Products Affected

traccar

traccar

CWE

CWE-287

Improper Authentication

CWE-1392

Use of Default Credentials

{"id": "CVE-2024-7746", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.5, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-13T16:15:09.573", "references": [{"url": "https://asrg.io/security-advisories/cve-2024-7746/", "tags": ["Third Party Advisory"], "source": "cve@asrg.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism.\u00a0\nThese transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability."}, {"lang": "es", "value": "El uso de la vulnerabilidad de credenciales predeterminadas en Tananaev Solutions Traccar Server en los m\u00f3dulos del Panel del administrador permite el abuso de autenticaci\u00f3n. Este problema afecta las transacciones privilegiadas implementadas por la soluci\u00f3n Traccar que de otro modo deber\u00edan estar protegidas por el mecanismo de autenticaci\u00f3n. Estas transacciones podr\u00edan tener un impacto en cualquier aspecto sensible de la plataforma, incluida la confidencialidad, la integridad y la disponibilidad."}], "lastModified": "2024-08-22T14:40:44.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:traccar:traccar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D590EA44-D2CF-4505-90BA-6D6A7483A311", "versionEndIncluding": "6.0", "versionStartIncluding": "2.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@asrg.io"}