CVE-2024-33898

Published: Jun 24, 2024Modified: Feb 6, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://www.axiros.com/2024/03/vulnerability-in-axusermanager

Source: cve@mitre.org

https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-002

Source: cve@mitre.org

https://www.axiros.com/2024/03/vulnerability-in-axusermanager

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.