CVE-2024-49675

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Oct 23, 2024 / Updated: 27d ago

010
CVSS 8.8EPSS 0.04%High
CVE info copied to clipboard

Summary

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass. This issue affects iBryl Switch User from n/a through version 1.0.1.

Impact

This vulnerability has a high impact on confidentiality, integrity, and availability. Attackers can potentially bypass authentication mechanisms, leading to unauthorized access to the system. This could result in exposure of sensitive information, alteration of data, and disruption of system availability. The vulnerability is network-accessible and requires low attack complexity, making it relatively easy to exploit.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, since the vulnerability affects iBryl Switch User through version 1.0.1, it's possible that versions after 1.0.1 may have addressed this issue. The security team should check with the vendor for the latest secure version or specific patch information.

Mitigation

1. Update iBryl Switch User to a version newer than 1.0.1 if available. 2. Implement strong network segmentation to limit access to the affected systems. 3. Use additional authentication mechanisms or multi-factor authentication where possible. 4. Monitor for unusual authentication attempts or access patterns. 5. Apply the principle of least privilege to limit the potential impact of successful exploitation. 6. Regularly audit and review authentication processes and access controls.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-49675

Oct 23, 2024 at 3:15 PM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 23, 2024 at 3:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-49675. See article

Oct 23, 2024 at 3:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 23, 2024 at 3:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 24, 2024 at 9:50 AM
Static CVE Timeline Graph

Affected Systems

Vitaliibryl/switch_user
+null more

Links to Mitre Att&cks

T1083: File and Directory Discovery
+null more

Attack Patterns

CAPEC-127: Directory Indexing
+null more

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
Security Bulletin 30 Oct 2024 - Cyber Security Agency of Singapore
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute ...
CVE-2024-49675
High Severity Description Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1. Read more at https://www.tenable.com/cve/CVE-2024-49675
CVE-2024-49675
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through...
CVE-2024-49675 | Vitalii Bryl iBryl Switch User Plugin up to 1.0.1 on WordPress authentication bypass
A vulnerability classified as critical was found in Vitalii Bryl iBryl Switch User Plugin up to 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel. This vulnerability was named CVE-2024-49675 . The attack can be initiated remotely. There is no exploit available.
See 4 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI