CVE-2024-33897

Published Aug 6, 2024

Last updated a month ago

CVSS critical 9.1

Overview

Description: A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-425
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-425

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04E2B00A-5F5D-455D-84DA-4ABFA82A1863",
            "versionEndExcluding": "21.2s10",
            "versionStartIncluding": "21.0s0"
          },
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1873C613-5DB5-4BFB-A538-860E1BF6555B",
            "versionEndExcluding": "22.1s3",
            "versionStartIncluding": "22.0s0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_apac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26AE4359-63AD-4451-AACD-D621B9D422C7"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95A7AEB3-53A0-4B77-8DFB-8E92E4B24462"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_jp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0C2B08D-D645-4C04-B010-4FF85642F7B5"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_na:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B85678D5-71F7-47EA-A21F-272BA9C02B33"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_ethernet:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F5917C5-AD12-4FB3-9DBB-D757DC053427"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1475F50-11AB-4290-8D1D-FFCA2245B0B3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References