CVE-2024-39771

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39771
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN83440451/ Third Party Advisory
https://safie.jp/information/post_6933/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:safie:qbic_cloud_cc-2\/2l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:safie:qbic_cloud_cc-2\/2l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:safie:safie_one_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:safie:safie_one:-:*:*:*:*:*:*:*
History

12 Sep 2024, 21:34

Type Values Removed Values Added
CWE CWE-295
First Time Safie qbic Cloud Cc-2\/2l
Safie qbic Cloud Cc-2\/2l Firmware
Safie safie One
Safie
Safie safie One Firmware
CPE cpe:2.3:o:safie:safie_one_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:safie:qbic_cloud_cc-2\/2l:-:*:*:*:*:*:*:*
cpe:2.3:h:safie:safie_one:-:*:*:*:*:*:*:*
cpe:2.3:o:safie:qbic_cloud_cc-2\/2l_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
References () https://jvn.jp/en/jp/JVN83440451/ - () https://jvn.jp/en/jp/JVN83440451/ - Third Party Advisory
References () https://safie.jp/information/post_6933/ - () https://safie.jp/information/post_6933/ - Vendor Advisory

28 Aug 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) QBiC CLOUD CC-2L v1.1.30 y anteriores y Safie One v1.8.2 y anteriores no validan correctamente los certificados, lo que puede permitir que un atacante no autenticado adyacente a la red obtenga y/o altere las comunicaciones del producto afectado a través de un hombre en el ataque medio.

28 Aug 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-28 06:15

Updated : 2024-10-28 21:35

NVD link : CVE-2024-39771

Mitre link : CVE-2024-39771

CVE.ORG link : CVE-2024-39771

JSON object : View

Products Affected

safie

  • qbic_cloud_cc-2\/2l
  • qbic_cloud_cc-2\/2l_firmware
  • safie_one
  • safie_one_firmware
CWE
CWE-295

Improper Certificate Validation