CVE-2024-48955

moderate-risk

Published 2024-10-29

Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a user with greater privileges having access to the functionalities of the user that the code was copied.

Do I need to act?

14.5% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

References (3)

https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview

https://netadmin.software/gestao-de-identidade-e-acesso/

https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-48955&sortby=bydate

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 12/34 · Low

Exposure 5/34 · Minimal