FOG Server Vulnerability: Leakage of AD username and password
CVE-2024-42348

8.6HIGH

Key Information:

Vendor: Fogproject
Status: Fogproject
Vendor: CVE Published:; 2 August 2024

What is CVE-2024-42348?

The FOG Server software, developed by FOG Project, is an imaging and management system that has a vulnerability in version 1.5.10.41.2. This flaw allows for the unintentional leakage of Active Directory usernames and passwords during the computer registration process. This security issue can lead to unauthorized access to sensitive data and systems. The vulnerability was mitigated in subsequent releases, specifically versions 1.5.10.41.3 and 1.6.0-beta.1395, which include necessary patches to bolster security and protect user credentials.

Affected Version(s)

fogproject < 1.5.10.41.3

References

https://github.com/FOGProject/fogproject/security/advisor...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2024

Fogproject

What is CVE-2024-42348?

Affected Version(s)

References

CVSS V3.1

Timeline