PT-2024-18396 · Unknown · Sma Cluster Controller

David Matilla Rebollo

Published

2024-02-26

Updated

2025-03-11

CVE-2024-1889

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SMA Cluster Controller version 01.05.01.R

Description The issue is a Cross-Site Request Forgery vulnerability that could allow an attacker to send a malicious link to an authenticated user, enabling the attacker to perform actions with the user's permissions on the affected device.

Recommendations For SMA Cluster Controller version 01.05.01.R, consider implementing additional security measures to prevent Cross-Site Request Forgery attacks, such as validating user requests and ensuring that all user interactions are authenticated and authorized. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2024-1889

Affected Products

Sma Cluster Controller

PT-2024-18396 · Unknown · Sma Cluster Controller

CVE-2024-1889

Weakness Enumeration

Related Identifiers

Affected Products

References · 6