Remote Authentication Bypass Vulnerability in Emlog Pro
CVE-2024-5044

8.1HIGH

Key Information:

Vendor

Emlog

Status
Emlog Pro
Vendor
CVE Published:
17 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-5044?

Emlog Pro version 2.3.4 contains a vulnerability in the Cookie Handler component that allows for improper authentication. This issue arises from manipulation of the AuthCookie argument, enabling unauthorized access. The vulnerability can be exploited remotely, though it presents a challenging hurdle for potential attackers. Public disclosure of this flaw raises concerns for users, as there has been no response from the vendor despite early notification of the issue.

Affected Version(s)

Emlog Pro 2.3.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-5044 - Proof of Concept

References

https://vuldb.com/?id.264741
vdb-entrytechnical-description
https://vuldb.com/?ctiid.264741
signaturepermissions-required
https://vuldb.com/?submit.331857
third-party-advisory

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

bydsteve (VulDB User)
.