Horizon Business Services Caterease up to 24.0.1.2405 TCP Traffic verification of source
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Horizon Business Services Caterease up to 24.0.1.2405. It has been declared as critical. This impacts an unknown function of the component TCP Traffic Handler. Executing a manipulation can lead to verification of source. This vulnerability is registered as CVE-2024-38886. The attack requires access to the local network. Furthermore, an exploit is available.
Details
A vulnerability has been found in Horizon Business Services Caterease up to 24.0.1.2405 (Hospitality Software) and classified as critical. This vulnerability affects some unknown processing of the component TCP Traffic Handler. The manipulation with an unknown input leads to a verification of source vulnerability. The CWE definition for the vulnerability is CWE-940. The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
The bug was discovered 04/17/2024. The weakness was published by Calvin Star (Skelet4r) with jTag Labs as security advisory (VulDB). The public release has been coordinated with the vendor. Caterease lacks proper verification of the source of communication channels, making it susceptible to TCP packet injection attacks. This vulnerability arises because the application does not use encryption or other verification methods to ensure the authenticity of the packets being exchanged between the client and server. As a result, attackers on the same network can intercept the communication and inject arbitrary packets into the communication stream. This vulnerability was named CVE-2024-38886 since 06/21/2024. The exploitation appears to be difficult. Access to the local network is required for this attack to succeed. No form of authentication is required for a successful exploitation. Technical details are unknown but a private exploit is available.
A private exploit has been developed by Skelet4r in Python. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 107 days. During that time the estimated underground price was around . Although an exploit is not currently publicly available, a proof-of-concept exploit has been developed by Skelet4r and jTag Labs to confirm the existence of this vulnerability within the Caterease application. This exploit was created for internal use only and is not being released publicly. To exploit this vulnerability, an attacker can analyze the TCP stream between the client application and server to identify the correct ACK and SEQ numbers. Using these details, a custom packet can be crafted and injected into the stream utilizing Python and libraries such as Scapy or Socket.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.3VulDB Meta Temp Score: 8.2
VulDB Base Score: 5.0
VulDB Temp Score: 4.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
Researcher Base Score: 7.1
Researcher Vector: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CNA Base Score: 9.8
CNA Vector (MITRE): 🔍
ADP CISA Base Score: 9.8
ADP CISA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Researcher Base Score: 🔍
Exploiting
Class: Verification of sourceCWE: CWE-940
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Private
Status: Proof-of-Concept
Author: Skelet4r
Programming Language: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
04/17/2024 🔍05/14/2024 🔍
06/21/2024 🔍
08/01/2024 🔍
08/01/2024 🔍
02/25/2026 🔍
Sources
Researcher: Calvin Star (Skelet4r)Organization: jTag Labs
Status: Not defined
Coordinated: 🔍
CVE: CVE-2024-38886 (🔍)
GCVE (CVE): GCVE-0-2024-38886
GCVE (VulDB): GCVE-100-273370
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 08/01/2024 02:20 PMUpdated: 02/25/2026 11:55 AM
Changes: 08/01/2024 02:20 PM (50), 08/01/2024 02:26 PM (12), 08/02/2024 02:05 PM (37), 08/02/2024 02:08 PM (5), 08/03/2024 06:45 PM (1), 09/11/2024 07:18 AM (21), 02/25/2026 11:55 AM (15)
Complete: 🔍
Submitter: jTag Labs
Committer: jTag Labs
Cache ID: 244:BFD:40
Submit
Accepted
- Submit #383226: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-940: Improper Verification of Source of a Communication Chan (by jTag Labs)
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.