A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it.
History

Mon, 02 Dec 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Snapone
Snapone ovrc-300-pro
CPEs cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*
Vendors & Products Snapone
Snapone ovrc-300-pro
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it.
Title Missing Authentication for Critical Function in Snap One OVRC cloud
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-12-02T16:34:44.415Z

Updated: 2024-12-02T18:29:09.661Z

Reserved: 2024-10-23T15:31:57.810Z

Link: CVE-2024-50381

cve-icon Vulnrichment

Updated: 2024-12-02T18:29:03.204Z

cve-icon NVD

Status : Received

Published: 2024-12-02T17:15:12.160

Modified: 2024-12-02T17:15:12.160

Link: CVE-2024-50381

cve-icon Redhat

No data.