Description
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
References
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2024-07-31T14:15:03.823
3 months agoLast modified
2024-08-12T18:25:44.547
2 months ago