CVE-2024-10381 Vulnerability Details

  /     /     /  

CVE-2024-10381 Metadata Quick Info

CVE Published: 25/10/2024 | CVE Updated: 25/10/2024 | CVE Year: 2024
Source: CERT-In | Vendor: Matrix Comsec | Product: Matrix Door Controller Cosec Vega FAXQ
Status : PUBLISHED

---

CVE-2024-10381 Description

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-288
CWE Name: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Source: Matrix Comsec

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).