CVE-2024-5559

Published Jun 12, 2024

Last updated 3 months ago

CVSS medium 6.1

Overview

Description: CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.
Source: cybersecurity@se.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

cybersecurity@se.com: CWE-327
nvd@nist.gov: CWE-327

Hype score: Not currently trending

Severe zero-day vulnerability CVE-2024-5559 in Fortinet's FortiOS & FortiProxy threatens 45,000 systems! 🌐 CVSS score 9.8—attackers can create rogue accounts. Agencies must patch by Jan 21, 2025. 🔒 #Fortinet #ZeroDay #USA link: https://t.co/q8q2UsRIxW https://t.co/GwiJXDzs
@TweetThreatNews
30 Jan 2025
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:powerlogic_p5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67DFDA6A-737D-4BB0-9A35-5F14CA09E6DF",
            "versionEndIncluding": "01.500.104"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:powerlogic_p5:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3EEFB9C4-CB42-46AD-83BE-1344AADC62F5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References