CVE-2024-29843

Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration

CVSS 7.5 HIGHEPSS 0.5%CWE-200 CWE-284

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

CS Technologies Australia · Evolution Controller

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html