Authentication Bypass by Spoofing

CVE-2024-50380

High

8.7/10

Summary

Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory Timeline

Published Dec 02, 2024

Authentication Bypass by Spoofing

CVE-2024-50380

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS