Authorization Bypass Vulnerability in Quanta Computer's QOCA
CVE-2024-13040
8.8 HIGH
What is CVE-2024-13040?
QOCA from Quanta Computer is vulnerable to an authorization bypass through a user-controlled key parameter. A remote attacker with standard privileges can use this flaw to gain unauthorized access to restricted features. By manipulating the user ID parameter, the attacker can modify any user's account information and privileges, which can result in privilege escalation. Organizations using QOCA should evaluate their network security posture and implement controls to mitigate the risks associated with this vulnerability.
Affected Version(s)
QOCA aim 0
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved