PT-2024-33297 · Netadmin · Netadmin

Brotherofjhonny · Published 2024-10-29 · Updated 2025-01-09

CVE-2024-48955

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: NetAdmin version 4.0.30319

Description: The issue is a broken access control flaw. The response of a specific endpoint call is returned without session authorization validation and without encryption. An attacker can therefore copy the browser content of a user with greater privileges and gain access to that user's functionality. Additionally, an attacker can steal a valid session cookie and inject it into another device, obtaining unauthorized access through the technique known as session hijacking.

Recommendations: For NetAdmin version 4.0.30319, as a temporary workaround, implement additional session validation and encryption measures to prevent unauthorized access. Restrict access to sensitive functionalities and endpoints to minimize the risk of exploitation. Avoid using the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Session Fixation

Weakness Enumeration

Related Identifiers: CVE-2024-48955

Affected Products: Netadmin