CVE Vulnerabilities

CVE-2024-8891

Published: Sep 18, 2024 | Modified: Sep 26, 2024

CVSS 3.x

5.3

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-8891
CWE	https://cwe.mitre.org/data/definitions/.html

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.

Affected Software

Name	Vendor	Start Version	End Version
Q-smt_firmware	Circutor	1.0.4 (including)	1.0.4 (including)

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.