CVE-2024-28144

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 384

Summary

CVE-2024-28144 is a session management vulnerability that allows an attacker to spoof both the IP address and User-Agent of a logged-in user. By doing so, they can hijack the user's session and gain unauthorized access to their account. The issue is particularly concerning when two users access the web interface from the same IP address, as they will be logged in as each other. The self-developed session management system lacks proper security measures, leaving it open to session takeover.
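To illustrate the flaw described above, the following is an added example (not code from the affected product): a hypothetical session store that identifies sessions by the client's IP address and User-Agent, beside a hardened store that issues a random token at login. The user names and request values are constructed.

```python
import secrets

# Constructed requests: two distinct users behind one NAT address,
# running the same browser build, so their IP/User-Agent pairs collide.
ALICE = {"ip": "203.0.113.10", "ua": "Mozilla/5.0 (X11; Linux) Firefox/120.0"}
BOB = {"ip": "203.0.113.10", "ua": "Mozilla/5.0 (X11; Linux) Firefox/120.0"}


class FingerprintSessionStore:
    """Hypothetical reconstruction of the weak design (CWE-384 territory):
    the session key is built only from attributes the client controls."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, req):
        # Any later request carrying the same IP and User-Agent is treated
        # as this user, whether or not it came from the same person.
        self._sessions[(req["ip"], req["ua"])] = user

    def current_user(self, req):
        return self._sessions.get((req["ip"], req["ua"]))


class TokenSessionStore:
    """Hardened variant: identity is a high-entropy random token minted at
    login and returned by the client (e.g. in an HttpOnly cookie)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = user
        return token

    def current_user(self, token):
        return self._sessions.get(token)


def weak_collision():
    """Second login from the same IP/UA overwrites the first: both users
    are now served as 'bob', which is the scenario the advisory describes."""
    store = FingerprintSessionStore()
    store.login("alice", ALICE)
    store.login("bob", BOB)
    return store.current_user(ALICE), store.current_user(BOB)


def token_isolation():
    """Each login gets its own token; a token the server never issued maps
    to no session, regardless of the client's IP or User-Agent."""
    store = TokenSessionStore()
    t_alice, t_bob = store.login("alice"), store.login("bob")
    unknown = secrets.token_urlsafe(32)
    return store.current_user(t_alice), store.current_user(t_bob), store.current_user(unknown)
```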
