CVE-2024-34162

Published Nov 26, 2024

Last updated 3 months ago

CVSS medium 5.3

Overview

Description
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Source
vultures@jpcert.or.jp
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

vultures@jpcert.or.jp
CWE-767

Social media

Hype score
Not currently trending

  1. CVE-2024-34162 The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the… https://t.co/ZIIC6S9S5N

    @CVEnew

    26 Nov 2024

    271 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References