CVE-2024-0317

Published Jan 15, 2024

Last updated 9 months ago

Overview

Description: Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
Source: cve-coordination@incibe.es
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cve-coordination@incibe.es: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9FD56BD-467E-474E-9512-6C7578892E87"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fireeye:ex_5500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C196CC1F-F9F0-4FA3-85B7-78ADD07D9BA7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CADEC68D-AE9E-4BE5-AE8B-26DF54EA2626"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fireeye:ex_8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F0618D1C-184D-4F39-B86A-9A11BA6B7966"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDF6F74D-AF80-4DCA-AD55-2B0C91097FC5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "62AC2BDE-60CE-40FD-AC51-F89BDB22FF3B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References