How severe is CVE-2024-45407?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-45407?

This is classified as CWE-300, which is a common weakness in software security.

CVE-2024-45407

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-300

View all →

Vulnerability Description

Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker.

CVE-2018-14636

MEDIUM

CVSS:5.3(Medium)

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively ...

CWE-3002018

CVE-2019-8282

MEDIUM

CVSS:5.3(Medium)

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) att...

CWE-3002019

CVE-2023-2310

MEDIUM

CVSS:5.3(Medium)

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (M...

CWE-3002023

CVE-2024-27263

MEDIUM

CVSS:5.3(Medium)

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniqu...

CWE-3002024

CVE-2019-19751

MEDIUM

CVSS:5.6(Medium)

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.

CWE-3002019

CVE-2016-10536

MEDIUM

CVSS:5.9(Medium)

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the w...

CWE-3002016

CVE-2024-45407

Vulnerability Description

Related Vulnerabilities

CVE-2018-14636

CVE-2019-8282

CVE-2023-2310

CVE-2024-27263

CVE-2019-19751

CVE-2016-10536