CVE-2024-9677 – The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX …

22 October 2024

Vuln ID: CVE-2024-9677

Published: 2024-10-22 02:15:04.380

Description: The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.

Base Score: 5.5 – MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Source: NVD.NIST.GOV

Date:

22 October 2024

Categorie(s):

NVD

Tag(s):

NVD

Meta to Fight Celeb-Bait Scams with Facial Recognition22 October 2024
Best practices on securing your AI deployment22 October 2024
GenAI surges in law firms: Will it spell the end of the billable hour?22 October 2024
Palo Alto Networks extends security into harsh industrial environments22 October 2024
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)22 October 2024