CVE-2024-34453

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions TwoNav version 2.1.13

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited via the url parameter to the API endpoint "index.php?c=api&method=read data&type=connectivity test", which ultimately reaches "/system/api.php".

Recommendations For TwoNav version 2.1.13, consider disabling access to the "index.php?c=api&method=read data&type=connectivity test" endpoint until a patch is available. Restrict the use of the url parameter in this endpoint to minimize the risk of exploitation.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2024-34453

Affected Products

Twonav

CVE-2024-34453

Weakness Enumeration

Related Identifiers

Affected Products

References · 6