CVE-2024-48847

CWE-328 CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

8.8HIGH

EPSS

0.0%

top 84.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-ent-256 Firmware ABB Aspect-ent-2 Firmware ABB Aspect-ent-96 Firmware +19 more

Timeline

PublishedDec 5

Description

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L

Affected Packages22 packages

▶CVEListV5abb/nexus_series3.08.01

▶CVEListV5abb/matrix_series3.08.01

▶CVEListV5abb/aspect-enterprise3.08.01

▶NVDabb/nexus-264_firmware< 3.08.03

▶NVDabb/nexus-2128_firmware< 3.08.03

🔴Vulnerability Details

GHSA

GHSA-rff8-7ph7-xchr: MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes↗2024-12-05

▶

CVEList

MD5 bypass operation↗2024-12-05

▶