CVE-2024-28345

An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/	Exploit Third Party Advisory
https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sipwise:next_generation_communication_platform:*:*:*:*:-:*:*:*

History

17 Jun 2025, 17:08

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/ -~~	() https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/ - Exploit, Third Party Advisory
CPE		cpe:2.3:a:sipwise:next_generation_communication_platform:::::-:::*
First Time		Sipwise Sipwise next Generation Communication Platform

06 Dec 2024, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

21 Nov 2024, 09:06

Type	Values Removed	Values Added
Summary		(es) Un problema descubierto en el panel de control de Sipwise C5 NGCP por debajo de mr11.5.1 permite que un usuario con pocos privilegios acceda al endpoint del diario visitando directamente la URL.
References	~~() https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/ -~~	() https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/ -

10 Apr 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-10 19:15

Updated : 2025-06-17 17:08

NVD link : CVE-2024-28345

Mitre link : CVE-2024-28345

CVE.ORG link : CVE-2024-28345

JSON object : View

Products Affected

sipwise

next_generation_communication_platform

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-28345", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2024-04-10T19:15:49.117", "references": [{"url": "https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL."}, {"lang": "es", "value": "Un problema descubierto en el panel de control de Sipwise C5 NGCP por debajo de mr11.5.1 permite que un usuario con pocos privilegios acceda al endpoint del diario visitando directamente la URL."}], "lastModified": "2025-06-17T17:08:46.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sipwise:next_generation_communication_platform:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "6811CB3F-052C-4E3C-A6FE-9327D09D5D68", "versionEndExcluding": "mr11.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.5 /10