CVE Vulnerabilities

CVE-2024-47784

Unverified Password Change

Published: Apr 30, 2025 | Modified: Apr 30, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.

Weakness

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

Potential Mitigations

References