Hidden Functionality

CVE-2024-10773

High

9/10

Summary

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-912 - Hidden Functionality

The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.

References

Advisory Timeline

Published Dec 06, 2024

Hidden Functionality

CVE-2024-10773

Summary

CWE-912 - Hidden Functionality

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS