CVE-2024-0860
published 2024-03-14CVE-2024-0860: The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.51%
39.8th percentile
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softing | edgeaggregator | — | — |
| softing | edgeaggregator | — | — |
| softing | edgeconnector | — | — |
| softing | edgeconnector | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xc3v-gxv5-4x7q: The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets
ghsa_unreviewed·2024-03-14
CVE-2024-0860 [HIGH] CWE-319 GHSA-xc3v-gxv5-4x7q: The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
CISA ICS
Softing edgeConnector
cisa_ics·2024-03-14·CVSS 7.2
[HIGH] Softing edgeConnector
ICS Advisory
##
Softing edgeConnector
Release DateMarch 14, 2024
Alert CodeICSA-24-074-13
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Low attack complexity
- Vendor: Softing
- Equipment: edgeConnector
- Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could create conditions that may allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Softing edgeConnector are affected:
- Softing edgeConnector: Version 3.60
- Softing edgeAggregator: Version 3.60
## 3.2 Vulnerability Overview
3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
The affected p
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-14
Published