CVE-2024-8651 Vulnerability Details

  /     /     /  

CVE-2024-8651 Metadata Quick Info

CVE Published: 19/09/2024 | CVE Updated: 19/09/2024 | CVE Year: 2024
Source: Kaspersky | Vendor: NetCat | Product: NetCat CMS
Status : PUBLISHED

---

CVE-2024-8651 Description

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-204
CWE Name: CWE-204: Observable Response Discrepancy
Source: NetCat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-575
CAPEC Description: CAPEC-575: Account Footprinting


Source: NVD (National Vulnerability Database).