Platform: other
Component: mbconnect24
Fixed in: 2.16.2, 8.2.0
CVE-2024-23943 describes a critical vulnerability affecting the mbCONNECT24 Cloud API. This vulnerability allows an unauthenticated remote attacker to gain access to the cloud API due to a lack of authentication for a critical function. Versions 0.0 through 8.2.0 are affected, and a fix is available in version 8.2.0.
The impact of this vulnerability is significant. An attacker can exploit this flaw to access sensitive data and potentially manipulate configurations within the mbCONNECT24 Cloud API without any authentication. This could lead to unauthorized data breaches, system compromise, and disruption of services. The lack of authentication means that any external user can potentially exploit this vulnerability, significantly expanding the attack surface. While availability isn't directly impacted, the compromise of data integrity and confidentiality represents a severe risk.
This vulnerability has a high probability of exploitation (EPSS score pending). The lack of authentication makes it easily exploitable. Public proof-of-concept code is not currently available, but the ease of exploitation suggests it may emerge. The vulnerability was published on 2025-03-18. It is not currently listed on the CISA KEV catalog.
Organizations utilizing mbCONNECT24 Cloud API in their deployments, particularly those with exposed APIs or those lacking robust network segmentation, are at risk. Legacy configurations and deployments without proper access controls are especially vulnerable.
Disclosure:
Exploit status:
EPSS: 0.15% (35th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-23943 is to upgrade to version 8.2.0 or later, which includes the necessary authentication controls. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting network access to the Cloud API to trusted IP addresses only. Implement strict firewall rules to limit external access. Monitor API access logs for any unusual or unauthorized activity. After upgrading, confirm the fix by attempting to access the API without authentication and verifying that access is denied.
Update mbCONNECT24 to version 2.16.2 or higher. This fixes the missing authentication in the cloud API. See the vendor's security advisory for more information about the update.
CVE-2024-23943 is a critical vulnerability in the mbCONNECT24 Cloud API allowing unauthenticated access due to missing authentication controls. It affects versions 0.0 through 8.2.0 and has a CVSS score of 9.1.
If you are using mbCONNECT24 Cloud API versions 0.0 to 8.2.0, you are potentially affected by this vulnerability. Assess your deployment and upgrade immediately.
The recommended fix is to upgrade to version 8.2.0 or later. As a temporary workaround, restrict network access to the API and monitor access logs.
While no active exploitation has been confirmed, the ease of exploitation suggests it may become a target. Monitor your systems and implement mitigations proactively.
Refer to the official mbCONNECT24 security advisory for detailed information and updates regarding CVE-2024-23943.