CVE-2024-36389 - Vulnerability Details - OpenCVE

Description

MileSight DeviceHub -

CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

Published: 2024-06-02

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MileSight

DeviceHub

unaffected

Version	Status	Constraints
`v3.0.1-r1 for Ubuntu 20.04`	affected	< Upgrade to the latest version.

Configuration 1 [-]

AND

cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:regular:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36051	MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00073.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0012}`	epss `{'score': 0.00044}`

Thu, 10 Apr 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Milesight Milesight devicehub
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:milesight:devicehub:3.0.1-r1::::regular::: cpe:2.3:o:canonical:ubuntu_linux:20.04::::-:::
Vendors & Products		Canonical Canonical ubuntu Linux Milesight Milesight devicehub

Subscriptions

Canonical Ubuntu Linux

Milesight Devicehub

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2024-06-02T13:21:11.748Z

Updated: 2024-08-02T03:37:04.960Z

Reserved: 2024-05-27T13:04:44.110Z

Link: CVE-2024-36389

Vulnrichment

Updated: 2024-08-02T03:37:04.960Z

NVD

Status : Analyzed

Published: 2024-06-02T14:15:08.933

Modified: 2025-04-10T19:12:00.540

Link: CVE-2024-36389

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36389", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-05-27T13:04:44.110Z", "datePublished": "2024-06-02T13:21:11.748Z", "dateUpdated": "2024-08-02T03:37:04.960Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DeviceHub", "vendor": "MileSight", "versions": [{"lessThan": "Upgrade to the latest version.", "status": "affected", "version": "v3.0.1-r1 for Ubuntu 20.04", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Claroty Research \u2013 Team 82"}], "datePublic": "2024-06-02T13:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>MileSight DeviceHub - <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</p><br>\n\n"}], "value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-06-02T13:21:11.748Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "source": {"advisory": "ILVN-2024-0158", "discovery": "UNKNOWN"}, "title": "MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "milesight", "product": "devicehub", "cpes": ["cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.1-r1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-03T15:47:51.777014Z", "id": "CVE-2024-36389", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T16:24:23.066Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.960Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.960Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36389", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T15:47:51.777014Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*"], "vendor": "milesight", "product": "devicehub", "versions": [{"status": "affected", "version": "3.0.1-r1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T15:48:22.458Z"}}], "cna": {"title": "MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values", "source": {"advisory": "ILVN-2024-0158", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Claroty Research \u2013 Team 82"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MileSight", "product": "DeviceHub", "versions": [{"status": "affected", "version": "v3.0.1-r1 for Ubuntu 20.04", "lessThan": "Upgrade to the latest version.", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-02T13:10:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>MileSight DeviceHub - <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</p><br>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-06-02T13:21:11.748Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36389", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:37:04.960Z", "dateReserved": "2024-05-27T13:04:44.110Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2024-06-02T13:21:11.748Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:regular:*:*:*", "matchCriteriaId": "E2F3586F-AC6E-4771-8E66-36857435ED25", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*", "matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass"}, {"lang": "es", "value": "MileSight DeviceHub: CWE-330 El uso de valores insuficientemente aleatorios puede permitir la omisi\u00f3n de autenticaci\u00f3n"}], "id": "CVE-2024-36389", "lastModified": "2025-04-10T19:12:00.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-02T14:15:08.933", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "cna@cyber.gov.il", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}