OpenCVE

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Access Management Specialist Project	Access Management Specialist
Shenzhenweitillage	Access Management Specialist

Configuration 1 [-]

cpe:2.3:a:access_management_specialist_project:access_management_specialist:6.62.51215:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dabaizhizhu/123/issues/2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-24T00:00:00

Updated: 2024-08-02T03:57:39.765Z

Reserved: 2024-06-10T00:00:00

Link: CVE-2024-37677

Vulnrichment

Updated: 2024-06-28T18:15:43.603Z

NVD

Status : Modified

Published: 2024-06-24T19:15:15.527

Modified: 2024-11-21T09:24:13.930

Link: CVE-2024-37677

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-37677", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T03:57:39.765Z", "dateReserved": "2024-06-10T00:00:00", "datePublished": "2024-06-24T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-24T19:00:34.918836"}, "descriptions": [{"lang": "en", "value": "An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/dabaizhizhu/123/issues/2"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "shenzhenweitillage", "product": "access_management_specialist", "cpes": ["cpe:2.3:a:shenzhenweitillage:access_management_specialist:6.62.51215:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.62.51215", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T14:39:56.545550Z", "id": "CVE-2024-37677", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T18:25:45.662Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:57:39.765Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/dabaizhizhu/123/issues/2", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:access_management_specialist_project:access_management_specialist:6.62.51215:*:*:*:*:*:*:*", "matchCriteriaId": "5551F46C-46C5-4CA4-A02E-AEEBF3A5CFE4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information."}, {"lang": "es", "value": "Un problema en Shenzhen Weitillage Industrial Co., Ltd, el especialista en gesti\u00f3n de acceso V6.62.51215 permite a un atacante remoto obtener informaci\u00f3n confidencial."}], "id": "CVE-2024-37677", "lastModified": "2024-11-21T09:24:13.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-24T19:15:15.527", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/dabaizhizhu/123/issues/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/dabaizhizhu/123/issues/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}