3.1 CVE-2024-53701
CSRF
Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc.
Under certain conditions, and when an attacker can directly operate the device which its screen is unlocked by a user, the provided security features' setting pages may be exposed and/or the settings may be altered, without authentication. For example, specific applications in the device configured to be hidden may be displayed and/or activated.
https://nvd.nist.gov/vuln/detail/CVE-2024-53701
Categories
CWE-306 : Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server. When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to require strong authentication for users who should be allowed to access the data [REF-1297] [REF-1298] [REF-1302]. Chain: a digital asset management program has an undisclosed backdoor in the legacy version of a PHP script (CWE-912) that could allow an unauthenticated user to export metadata (CWE-306) TCP-based protocol in Programmable Logic Controller (PLC) has no authentication. Condition Monitor firmware uses a protocol that does not require authentication. SCADA-based protocol for bridging WAN and LAN traffic has no authentication. Safety Instrumented System uses proprietary TCP protocols with no authentication. Distributed Control System (DCS) uses a protocol that has no authentication. Chain: Cloud computing virtualization platform does not require authentication for upload of a tar format file (CWE-306), then uses .. path traversal sequences (CWE-23) in the file to access unexpected files, as exploited in the wild per CISA KEV. Bluetooth speaker does not require authentication for the debug functionality on the UART port, allowing root shell access WiFi router does not require authentication for its UART port, allowing adversaries with physical access to execute commands as root IT management product does not perform authentication for some REST API requests, as exploited in the wild per CISA KEV. Default setting in workflow management product allows all API requests without authentication, as exploited in the wild per CISA KEV. MFV. Access TFTP server without authentication and obtain configuration file with sensitive plaintext information. Agent software running at privileges does not authenticate incoming requests over an unprotected channel, allowing a Shatter" attack. Product enforces restrictions through a GUI but not through privileged APIs. monitor device allows access to physical UART debug port without authentication Programmable Logic Controller (PLC) does not have an authentication feature on its communication protocols.
References
vultures@jpcert.or.jp
CPE
cpe | start | end |
---|
REMEDIATION
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
No known exploits |
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
12 | Choosing Message Identifier |
High |
166 | Force the System to Reset Values |
Medium |
216 | Communication Channel Manipulation |
|
36 | Using Unpublished Interfaces or Functionality |
High |
62 | Cross Site Request Forgery |
Very High |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.