How severe is CVE-2024-4062?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-4062?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2024-4062 - LOW Severity | CVSS 3.7

Vulnerability Description

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-1000033

LOW

CVSS:3.7(Low)

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

CWE-2952016

CVE-2016-9015

LOW

CVSS:3.7(Low)

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the li...

CWE-2952016

CVE-2017-15528

LOW

CVSS:3.7(Low)

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pub...

CWE-2952017

CVE-2019-4150

LOW

CVSS:3.7(Low)

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) a...

CWE-2952019

CVE-2019-4654

LOW

CVSS:3.7(Low)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-F...

CWE-2952019

CVE-2020-9488

LOW

CVSS:3.7(Low)

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messa...

CWE-2952020