PT-2024-25529 · Cosy+ · Cosy+
Moritz Abrell · Published 2024-08-02 · Updated 2024-09-03
CVE-2024-33892
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cosy+ devices versions 21.x through 21.2s9
Cosy+ devices versions 22.x through 22.1s2
Description
The issue concerns insecure permissions in Cosy+ devices, which can lead to information leakage through cookies. This problem is resolved in versions 21.2s10 and 22.1s3.
Recommendations
For Cosy+ devices versions 21.x through 21.2s9, update to version 21.2s10 to resolve the issue.
For Cosy+ devices versions 22.x through 22.1s2, update to version 22.1s3 to resolve the issue.
Exploit
Fix
Improper Preservation of Permissions
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Cosy+