PT-2024-24060 · Clavister · Clavister E80+1
Strik3R · Published 2024-04-02 · Updated 2024-05-17 · CVE-2024-3142
CVSS v2.0 · 5.0 · Medium · Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Clavister E10 and E80 versions up to 14.00.10
Description
A vulnerability was found in the Setting Handler component, leading to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For Clavister E10 and E80 versions up to 14.00.10, upgrade to version 14.00.11 to address this issue.
As a temporary workaround, consider disabling the Setting Handler component until a patch is available.
Exploit · Fix · CSRF
Affected Products
Clavister E10
Clavister E80