Luring Authenticated Victims into Performing State-Changing Operations
CVE-2024-3083
8.3 HIGH
Key Information:
- Vendor: Plug&track
- Status
- Sensor Net Connect V2
- Vendor
- CVE Published: 31 July 2024
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in Nozomi Networks products, where remote attackers can exploit this weakness to perform unauthorized state-changing operations. By deceiving authenticated users into accessing a malicious webpage, attackers can execute privileged actions without consent. It is essential for organizations to be aware of this vulnerability to implement proper security measures and protect sensitive information effectively.
Affected Version(s)
Sensor Net Connect V2 2.24
CVSS V3.1
Score: 8.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.