CVE-2024-34596

CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Smartthings
Timeline
PublishedJul 2

Description

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDsamsung/smartthings< 1.8.17

🔴Vulnerability Details

2
CVEList
CVE-2024-34596: Improper authentication in SmartThings prior to version 12024-07-02
GHSA
GHSA-j47p-8pvg-jpph: Improper authentication in SmartThings prior to version 12024-07-02
CVE-2024-34596 (HIGH CVSS 7.5) | Improper authentication in SmartThi | cvebase.io