{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8651", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "state": "PUBLISHED", "assignerShortName": "Kaspersky", "dateReserved": "2024-09-10T12:27:44.134Z", "datePublished": "2024-09-19T16:30:10.685Z", "dateUpdated": "2024-09-19T18:28:53.419Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "NetCat CMS", "vendor": "NetCat", "versions": [{"status": "affected", "version": "6.4.0.24126.2"}, {"status": "unaffected", "version": "6.4.0.24248"}]}], "credits": [{"lang": "en", "type": "finder", "value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.<br><p>This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.<br>\nApply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. \n\n<br></p>"}], "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575: Account Footprinting"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2024-09-19T16:36:20.801Z"}, "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Apply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. <br>"}], "value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."}], "source": {"discovery": "UNKNOWN"}, "title": "Netcat CMS: user enumeration", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "netcat", "product": "netcat", "cpes": ["cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.4.0.24126.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T18:24:17.134225Z", "id": "CVE-2024-8651", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T18:28:53.419Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8651", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-19T18:24:17.134225Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*"], "vendor": "netcat", "product": "netcat", "versions": [{"status": "affected", "version": "6.4.0.24126.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T18:28:45.942Z"}}], "cna": {"title": "Netcat CMS: user enumeration", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575: Account Footprinting"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetCat", "product": "NetCat CMS", "versions": [{"status": "affected", "version": "6.4.0.24126.2"}, {"status": "unaffected", "version": "6.4.0.24248"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.", "supportingMedia": [{"type": "text/html", "value": "Apply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. <br>", "base64": false}]}], "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.<br><p>This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.<br>\nApply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. \n\n<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy"}]}], "providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2024-09-19T16:36:20.801Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8651", "state": "PUBLISHED", "dateUpdated": "2024-09-19T18:28:53.419Z", "dateReserved": "2024-09-10T12:27:44.134Z", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "datePublished": "2024-09-19T16:30:10.685Z", "assignerShortName": "Kaspersky"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netcat:netcat_content_management_system:*:*:*:*:-:*:*:*", "matchCriteriaId": "D20850FD-B115-402F-95F9-02B818DE8BFE", "versionEndExcluding": "6.4.0.24248", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."}, {"lang": "es", "value": "Una vulnerabilidad en NetCat CMS permite a un atacante enviar una solicitud http especialmente manipulada que puede utilizarse para comprobar si un usuario existe en el sistema, lo que podr\u00eda ser la base para futuros ataques. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/] . Las versiones 6.4.0.24248 y posteriores tienen el parche."}], "id": "CVE-2024-8651", "lastModified": "2024-09-23T17:51:13.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "vulnerability@kaspersky.com", "type": "Secondary"}]}, "published": "2024-09-19T17:15:15.173", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory"], "url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-204"}], "source": "vulnerability@kaspersky.com", "type": "Secondary"}]}

{}