Description

A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.

Classification

Assigner: [email protected]

CWE: CWE-311

Links

CPEs

  • thrive ips_manager
  • thrive central_manager
  • thrive local_manager

CVSS

CVSS version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Exploitability score: 2.3
Impact score: 4.0

Can you explain the CVE description?

This CVE description is for the vulnerability with the identifier CVE-2024-5731. The vulnerability is in the communication workflow between the IPS Manager, Central Manager, and Local Manager, where an attacker can manipulate a parameter to control the destination of a request. This manipulation can lead to the attacker gaining access to sensitive information. The CVSS score for this vulnerability is 6.8, which places it at medium severity. The CVSS vector gives more detail on the exploitability and impact of the vulnerability. The vulnerability was published on June 14, 2024, and the status is listed as EARLY_WARNING. The Common Weakness Enumeration (CWE) entry associated with this vulnerability is CWE-311. There is a link provided to a resource that offers more information about the vulnerability, and the assigner of this CVE is [email protected].

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being the entry point for an attacker to gain control over the IPS Manager, Central Manager, and Local Manager communication workflow. By exploiting this vulnerability and manipulating the parameter to control the destination of a request, the attacker can potentially access sensitive information within the system. This initial access can then lead to further attacks such as data exfiltration, privilege escalation, or even complete system compromise. The attacker may use this vulnerability as a stepping stone in a larger, more complex attack chain to achieve their malicious goals.


Generated on: 2024-07-01