CVE-2024-3461

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://cert.pl/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://www.kioware.com/	Product
https://cert.pl/en/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://cert.pl/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://www.kioware.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*

History

12 Feb 2025, 15:37

Type	Values Removed	Values Added
References	~~() https://cert.pl/en/posts/2024/04/CVE-2024-3459 -~~	() https://cert.pl/en/posts/2024/04/CVE-2024-3459 - Broken Link, Third Party Advisory
References	~~() https://cert.pl/posts/2024/04/CVE-2024-3459 -~~	() https://cert.pl/posts/2024/04/CVE-2024-3459 - Broken Link, Third Party Advisory
References	~~() https://www.kioware.com/ -~~	() https://www.kioware.com/ - Product
CPE		cpe:2.3:a:kioware:kioware::::::windows::*
First Time		Kioware Kioware kioware

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://cert.pl/en/posts/2024/04/CVE-2024-3459 -~~	() https://cert.pl/en/posts/2024/04/CVE-2024-3459 -
References	~~() https://cert.pl/posts/2024/04/CVE-2024-3459 -~~	() https://cert.pl/posts/2024/04/CVE-2024-3459 -
References	~~() https://www.kioware.com/ -~~	() https://www.kioware.com/ -

14 May 2024, 16:11

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:41

Updated : 2025-02-12 15:37

NVD link : CVE-2024-3461

Mitre link : CVE-2024-3461

CVE.ORG link : CVE-2024-3461

JSON object : View

Products Affected

kioware

kioware

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2024-3461", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-14T15:41:13.350", "references": [{"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://www.kioware.com/", "tags": ["Product"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kioware.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-307"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all through 8.35)\u00a0allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.\n"}, {"lang": "es", "value": "KioWare para Windows (versiones hasta 8.35) permite forzar el n\u00famero PIN por fuerza bruta, lo que protege la aplicaci\u00f3n contra el cierre, ya que no existen mecanismos que impidan que un usuario adivine excesivamente el n\u00famero."}], "lastModified": "2025-02-12T15:37:59.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FA48DE1E-8A39-439D-BE91-A8FA7E84C1D7", "versionEndIncluding": "8.35"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}