Access Control Flaw in FOG Imaging and Management System
CVE-2024-41108

5.9 MEDIUM

Key Information:

Vendor: Fogproject
CVE Published: 31 July 2024

What is CVE-2024-41108?

An access control vulnerability exists in the FOG Project's hostinfo feature, allowing unauthorized retrieval of configuration information using only the host's MAC address. The attack works only while a task is pending for the host; otherwise, an error message is displayed. Although sensitive information such as the domain password is concealed with asterisks, this flaw could enable malicious users to gain insights into the system's configuration, potentially leading to further security breaches. The issue has been fixed in version 1.5.10.41.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
