CVE-2024-29837

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below

Description The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is already signed in.

Recommendations For Evolution Controller versions 2.04.560.31.03.2024 and below, consider restricting access to the Web interface until a patch is available, and ensure that all users sign out when finished using the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287CWE-1390

Related Identifiers

CVE-2024-29837

Affected Products

Evolution Controller

CVE-2024-29837

Weakness Enumeration

Related Identifiers

Affected Products

References · 6