PT-2024-8932 · Snap One · Snap One Ovrc Cloud
Uri Katz · Published 2024-11-12 · Updated 2024-12-02 · CVE-2024-50380
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Snap One OVRC cloud (affected versions not specified)
Description:
The Snap One OVRC cloud uses MAC addresses as device identifiers and handles them incorrectly. An attacker who supplies enumerated (spoofed) MAC addresses can impersonate other devices and potentially receive sensitive information about them. The result is remote, unauthorized access to protected information.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Authentication Bypass by Spoofing
Weakness Enumeration
Related Identifiers
Affected Products
Snap One Ovrc Cloud