CVE-2024-5404
published 2024-06-03

CVE-2024-5404: An unauthenticated remote attacker can change the admin password in a moneo appliance due to a weak password recovery mechanism.

Priority: P2 61
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.8th percentile)

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ifm | moneo_appliance_qha210 | 0.0 – 1.13 | |
| ifm | moneo_appliance_qha300 | 0.0 – 1.13 | |
| ifm | moneo_appliance_qva200 | 0.0 – 1.13 | |
| ifm | moneo_for_micosoft_windows | 0.0 – 1.13 | |