Public Exposure of Internal Application Port Could Lead to Authentication Bypass
CVE-2024-38879

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Omnivise T3000 Application Server R9.2; Omnivise T3000 R8.2 Sp3; Omnivise T3000 R8.2 Sp4
Vendor: CVE Published:; 2 August 2024

Summary

An identified vulnerability in the Omnivise T3000 Application Server series allows unauthorized access due to the exposure of internal application ports on public network interfaces. This vulnerability can enable attackers to bypass standard authentication measures and gain direct access to sensitive applications, potentially leading to serious security risks for affected systems. This issue is present across several versions of the Omnivise T3000, necessitating prompt attention from users to mitigate unauthorized access risks.

Affected Version(s)

Omnivise T3000 Application Server R9.2 0

Omnivise T3000 R8.2 SP3 0

Omnivise T3000 R8.2 SP4 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8573...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2024