CVE-2024-45832

Published Jan 17, 2025

Last updated a month ago

CVSS low 2.0

Overview

Description
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.
Source
ics-cert@hq.dhs.gov
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
LOW

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
3.4
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

ics-cert@hq.dhs.gov
CWE-798

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2024-45832 | Ossur Mobile Logic Application up to 1.5.4 hard-coded credentials (icsma-24-354-01)) has been published on https://t.co/VpMQsXSgCX

    @WolfgangSesin

    17 Jan 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References