CVE-2024-2377 Vulnerability Details

  /     /     /  

CVE-2024-2377 Metadata Quick Info

CVE Published: 30/04/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Hitachi Energy | Vendor: Hitachi Energy | Product: SDM600
Status : PUBLISHED

---

CVE-2024-2377 Description

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.

Metrics

CVSS Version: 3.1 | Base Score: 7.6 HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-346
CWE Name: CWE-346 Origin Validation Error
Source: Hitachi Energy

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-234
CAPEC Description: CAPEC-234 Hijacking a privileged process


Source: NVD (National Vulnerability Database).