CVE-2024-48730
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-08-18
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| etsi | open_source_mano | 14.0.2 |
| etsi | open_source_mano | 14.0.3 |
| etsi | open_source_mano | 15.0.1 |
| etsi | open_source_mano | 15.0.2 |
| etsi | open_source_mano | 16.0.0 |
| etsi | open_source_mano | 17.0.0 |
| etsi | open_source_mano | 17.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ETSI Open-Source MANO (OSM) versions 14.x and 15.x allows a remote attacker to escalate privileges because the default admin account does not have any restrictions on authentication attempts. Unlike regular user accounts, the admin account never expires, is never locked out, and is always active, making it vulnerable to brute-force attacks where an attacker can rapidly try many passwords without being blocked. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to a full system compromise because an attacker can gain unauthorized administrative access by brute-forcing the admin account password. This could allow the attacker to control the system, manipulate virtualized network functions, and potentially disrupt services or steal sensitive information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring authentication logs for excessive or rapid failed login attempts against the default admin account in ETSI Open-Source MANO (OSM). Since the admin account is neither locked out nor throttled, look for unusually high rates of login attempts, such as hundreds per second. Detection can use log analysis tools or a command like `grep` on the authentication logs to count repeated failed attempts for the admin user, for example `grep "admin" /var/log/osm_auth.log | grep "failed" | wc -l`, or network monitoring tools that flag high-frequency authentication requests to the OSM UI/API endpoints. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting IP access to the OSM UI and API interfaces to trusted sources only, implementing external protective mechanisms such as request throttling to limit the rate of authentication attempts, and deploying automated blacklisting systems to block IPs exhibiting excessive or anomalous login attempts. Since no official fix or patch is available, these external controls are recommended to reduce the risk of brute-force attacks against the default admin account. [1]
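The detection and blacklisting answers above describe the same control from two sides: count failed admin logins per source within a short window and block sources that exceed a threshold. The following is an added example (not BaseFortify's or the OSM project's code) that implements that sliding-window count over constructed sample log lines; the log line format, the `user=`/`src=`/`result=` fields and the 60-second/5-attempt threshold are assumptions, not OSM's real log layout.

```python
# Added example, not from BaseFortify or OSM; log format and thresholds are assumed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp user=<u> src=<ip> result=<r>" format.
SAMPLE_LOG = """\
2025-07-25T10:00:00 user=admin src=203.0.113.7 result=failed
2025-07-25T10:00:00 user=admin src=203.0.113.7 result=failed
2025-07-25T10:00:01 user=admin src=203.0.113.7 result=failed
2025-07-25T10:00:01 user=admin src=203.0.113.7 result=failed
2025-07-25T10:00:02 user=admin src=203.0.113.7 result=failed
2025-07-25T10:00:02 user=admin src=203.0.113.7 result=failed
2025-07-25T10:00:05 user=alice src=198.51.100.2 result=failed
2025-07-25T10:05:00 user=admin src=198.51.100.9 result=failed
2025-07-25T10:09:00 user=admin src=198.51.100.9 result=success
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(\S+)$")

def parse(text):
    """Yield (timestamp, user, source_ip, result) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def find_bruteforce_sources(text, user="admin", window=timedelta(seconds=60), threshold=5):
    """Return {source_ip: peak_failed_count} for sources whose failed logins against
    `user` inside any sliding `window` reach `threshold` (admin never locks out)."""
    per_src = defaultdict(list)
    for ts, u, src, result in parse(text):
        if u == user and result == "failed":
            per_src[src].append(ts)
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        start = peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)   # failures currently inside the window
        if peak >= threshold:
            flagged[src] = peak                 # candidate for throttling / blacklisting
    return flagged
```

Sources returned by `find_bruteforce_sources` are the ones an external throttling or IP-blacklisting control would act on; a single failure from a legitimate operator stays below the threshold.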