Submission #383226 (Information): Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-940: Improper Verification of Source of a Communication Chan

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-940: Improper Verification of Source of a Communication Chan
Description:

NOTE - This submission shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38886: An issue in Horizon Business Services Inc. Caterease Software allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.

Vulnerability Type: CWE-940: Improper Verification of Source of a Communication Channel
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-594: Traffic Injection

Vulnerability Summary: Caterease Software lacks proper verification of the source of communication channels, making it susceptible to TCP packet injection attacks. This vulnerability arises because the application does not use encryption or other verification methods to ensure the authenticity of the packets exchanged between the client and server. As a result, attackers on the same network can intercept the communication and inject arbitrary packets into the communication stream. By exploiting this vulnerability, attackers can manipulate the data transmitted between the client and server. They can alter, insert, or delete packets to disrupt the normal operation of the application, potentially leading to data corruption or loss. This vulnerability impacts the confidentiality, integrity, and availability of the application, as it allows attackers to intercept sensitive data, tamper with transmitted information, and disrupt service availability.

CVSS Base Score: High Risk - 8.8
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Exploitability Metrics
Attack Vector (AV): Adjacent Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed

Impact Metrics
Confidentiality (C): High
Integrity (I): Low
Availability (A): Low
User: jTag Labs (UID 51246)
Submitted: 30/07/2024 04:56 PM (2 years ago)
Moderation: 01/08/2024 02:15 PM (2 days later)
Status: Approved
VulDB Entry: 273370 [Horizon Business Services Caterease up to 24.0.1.2405 TCP Traffic Remote Code Execution]
Points: 17
