CVE-2024-5143
Missing Authentication for Critical Function (CWE-306)
Published: May 23, 2024 / Updated: 6mo ago
010
CVSS 6.8EPSS 0.04%Medium
CVE info copied to clipboard
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Timeline
CVE Assignment
NVD published the first details for CVE-2024-5143
May 23, 2024 at 5:15 PM
First Article
Feedly found the first article mentioning CVE-2024-5143. See article
May 23, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate
Feedly estimated the CVSS score as HIGH
May 23, 2024 at 5:24 PM
EPSS
EPSS Score was set to: 0.04% (Percentile: 8.7%)
May 24, 2024 at 9:26 AM
CVSS
A CVSS base score of 6.8 has been assigned.
Oct 31, 2024 at 3:40 PM / nvd
Attack Patterns
CAPEC-12: Choosing Message Identifier
+null more
News
Peripheral Sight - Red Teaming with printer CVE-2024-5143
Broadening your vision in a red team engagement may not only reveal new targets leading to a compromise of a service, but it can also end up with finding a CVE in a multifunctional printer. The idea of targeting a printer revolves around the fact that multifunctional devices may resolve user accounts via and send their mail via, authenticating with at least a service account.
NA - CVE-2024-5143 - A user with device administrative privileges...
By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA Calculate full CVSS 3.0 Vectors scores
NA - CVE-2024-5143 - A user with device administrative privileges...
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. CVE-2024-5143 originally published on CyberSecurityBoard
CVE-2024-5143
Critical Severity Description A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Read more at https://www.tenable.com/cve/CVE-2024-5143
See 5 more articles and social media posts