CVE-2024-48953

Missing Authentication for Critical Function (CWE-306)

Published: Nov 7, 2024 / Updated: 12d ago

CVSS 7.5 / EPSS 0.05% / High

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-48953.
Nov 7, 2024 at 5:15 PM

First Article
Feedly found the first article mentioning CVE-2024-48953.
Nov 7, 2024 at 5:24 PM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Nov 7, 2024 at 5:24 PM

CVSS
A CVSS base score of 7.5 has been assigned.
Nov 7, 2024 at 9:40 PM / nvd

EPSS
EPSS Score was set to: 0.05% (Percentile: 17%)
Nov 8, 2024 at 10:19 AM

Affected Systems

Logpoint

Attack Patterns

CAPEC-12: Choosing Message Identifier

News

CVE Alert: CVE-2024-48953
Affected Endpoints: No affected endpoints listed.

CVE-2024-48953
High Severity. Description: An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. Read more at https://www.tenable.com/cve/CVE-2024-48953

NA - CVE-2024-48953 - An issue was discovered in Logpoint before...
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated...

CVE-2024-48953 | Logpoint up to 7.4.x Authentication Plugin improper authentication
A vulnerability, which was classified as critical, was found in Logpoint up to 7.4.x. This affects an unknown part of the component Authentication Plugin Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-48953. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

CVE-2024-48953 - Logpoint Unauthenticated Plugin Registration Vulnerability
CVE ID: CVE-2024-48953 | Published: Nov. 7, 2024, 5:15 p.m. (49 minutes ago) | Description: An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. | Severity:

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
