Authentication Flaw in Archer Platform Affects User Sessions
CVE-2024-34092

8.8HIGH

Key Information:

Vendor: RSA Security
Status: Archer Platform
Vendor: CVE Published:; 6 May 2024

🔔 Create RSA Security Vulnerability Alert

What is CVE-2024-34092?

A significant vulnerability exists in the Archer Platform 6 that affects proper session management due to an oversight in authentication handling. Specifically, the platform failed to terminate existing sessions effectively, exposing users to potential unauthorized access. This issue is present in versions prior to 2024.04, including 6.14 P3 (6.14.0.3), making it essential for users to update their systems promptly to mitigate risks associated with this vulnerability.

References

https://archerirm.com

https://www.archerirm.community/t5/platform-announcements...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Apr 30, 2024