IM
IronMonkey Threat Research

CVE-2024-2013 CRITICAL

Published: 2024-06-11 | Last Modified: 2024-11-21 | Status: Modified

Description

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.

Additional Descriptions (1)

Existe una vulnerabilidad de omisión de autenticación en el servidor FOXMAN-UN/UNEM componente API Gateway que, si se explota, permite a atacantes sin ningún acceso interactuar con los servicios y la superficie de ataque posterior a la autenticación.

CVSS Metrics

Base Score: 10.0 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 6.0

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-288
[email protected] Primary
en CWE-306

Affected Products

Vendor Product Version Update Type
hitachienergy foxman-un r15a <built-in method update of dict object at 0x72a9ccf88e80> Application
hitachienergy foxman-un r15b <built-in method update of dict object at 0x72a9b092b4c0> Application
hitachienergy foxman-un r16a <built-in method update of dict object at 0x72a9b0929940> Application
hitachienergy foxman-un r16b <built-in method update of dict object at 0x72a9cc7d2540> Application
hitachienergy unem r15a <built-in method update of dict object at 0x72a9b0929840> Application
hitachienergy unem r15b <built-in method update of dict object at 0x72a9b092b240> Application
hitachienergy unem r15b <built-in method update of dict object at 0x72a9ccf887c0> Application
hitachienergy unem r16b <built-in method update of dict object at 0x72a9ccf88e40> Application
hitachienergy unem r16b <built-in method update of dict object at 0x72a9ccf8b6c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15b:pc4:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15b:pc5:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r16b:pc2:*:*:*:*:*:*

References

Notification
Message here