CVE-2024-35294

Missing Authentication for Critical Function (CWE-306)

Published: Oct 2, 2024 / Updated: 48d ago

CVSS 6.5 / EPSS 0.09% / Medium

An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-35294.

Oct 2, 2024 at 10:22 AM / Vulners.com RSS Feed

CVE Assignment

NVD published the first details for CVE-2024-35294

Oct 2, 2024 at 11:15 AM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 2, 2024 at 11:22 AM

EPSS

EPSS Score was set to: 0.09% (Percentile: 37.7%)

Oct 3, 2024 at 10:59 AM

Affected Systems

Cisco/remote

Attack Patterns

CAPEC-12: Choosing Message Identifier

News

CVE-2024-35294
Medium Severity. Description: An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials. Read more at https://www.tenable.com/cve/CVE-2024-35294
Medium - CVE-2024-35294 - An unauthenticated remote attacker may use the...
An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials.
CVE-2024-35294 | Schneider Elektronik Series 700 up to 0.1.17.6 missing authentication
A vulnerability, which was classified as problematic, has been found in Schneider Elektronik Series 700 up to 0.1.17.6. Affected by this issue is some unknown functionality. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2024-35294. The attack may be launched remotely. There is no exploit available.
CVE-2024-35294 - Cisco Network Device Traffic Capture Password Disclosure
CVE ID: CVE-2024-35294. Published: Oct. 2, 2024, 11:15 a.m. (16 minutes ago). Description: An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials. Severity: 6.5 MEDIUM. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
