CVE-2024-51984
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-06-26
Assigner: Rapid7, Inc.
Description
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an authenticated attacker to reconfigure a target device to use an external service controlled by the attacker, such as LDAP or FTP. If the device already has a password for that external service, the attacker can force the device to authenticate to the attacker's service using the existing credentials. This can lead to the attacker obtaining the plaintext password for the external service.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can obtain plaintext passwords for external services by forcing the target device to authenticate to an attacker-controlled service. This can lead to credential disclosure and potentially unauthorized access to other systems or services that use those credentials.