CVE-2024-50381

Missing Authentication for Critical Function in Snap One OVRC cloud

Description

A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it.

INFO

Published Date :

2024-12-02T16:34:44.415Z

Last Modified :

2024-12-02T18:29:09.661Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2024-50381 vulnerability.

Vendors	Products
Snapone	Ovrc-300-pro

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50381.

URL	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability