CVE-2024-12012

CVSS v3 Score
5.7
Medium

Vulnerability Description

A CWE-598 “Use of GET Request Method with Sensitive Query Strings” vulnerability was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password and the session tokens are included in the URL and are therefore exposed to information leakage scenarios. An attacker able to access these values (e.g., via the victim's browser or network traffic inspection) can exploit this vulnerability to leak both the password hash and the session tokens, and to bypass the authentication mechanism using a pass-the-hash attack.

CVSS:5.7(Medium)

Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.

CVSS:5.5(Medium)

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious ...

CVSS:5.5(Medium)

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords by reading log files.

CVSS:5.9(Medium)

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the m...

CVSS:5.3(Medium)

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of GET request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends up...

CVSS:5.3(Medium)

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker...