CVE-2024-33897

Name of the Vulnerable Software and Affected Versions HMS Networks Cosy+ (affected versions not specified)

Description The issue concerns improper authentication, allowing a compromised device to request a Certificate Signing Request for another device, potentially leading to an availability issue. This could enable local network attacks due to improper certificate validation. The problem was patched on the Talk2m production server on April 18, 2024.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.