CVE

CVE-2024-0387

Severity:
MEDIUM
Type:
Unavailable / Other
Publication date:
26/02/2024
Last modified:
26/02/2024

Description

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.<br /> <br />

Impact

Vector 3.x
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 6.50 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

Base Score 3.x
6.50
Severity 3.x
MEDIUM

References to Advisories, Solutions, and Tools