CVE-2024-11978
Vulnerability Scoring
7.5
/10
Attack Complexity Details
- Attack Complexity: Low Impact
- Attack Vector: NETWORK
- Privileges Required: None
- Scope: UNCHANGED
- User Interaction: NONE
CIA Impact Definition
- Confidentiality: HIGH IMPACT
- Integrity:
- Availability:
CVE-2024-11978 Vulnerability Summary
DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
Need help fixing CVEs? Check out our Step-by-Step Guide on How to Fix CVEs.
Access Complexity Graph for CVE-2024-11978
Impact Analysis for CVE-2024-11978
CVE-2024-11978: Detailed Information and External References
EPSS
0.00043
EPSS %
0.10929
References
0.00043
- https://www.twcert.org.tw/en/cp-139-8270-a56e6-2.html
- https://www.twcert.org.tw/tw/cp-132-8269-22a8f-1.html
CWE
CWE-36
CAPEC
0.00043
- Absolute Path Traversal: An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as ".." to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.
CVSS3 Source
twcert@cert.org.tw
CVSS3 Type
Primary
CVSS3 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Protect Your Infrastructure: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.