Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39868

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges.

Published

2024-07-09T12:15:18.157

Last Modified

2024-11-21T09:28:27.563

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-425
Type: Primary
CWE-425

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	sinema_remote_connect_server	< 3.2	Yes
Application	siemens	sinema_remote_connect_server	3.2	Yes
Application	siemens	sinema_remote_connect_server	3.2	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-381581.html Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-381581.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)